Remote authentication of an object using a signature part

ABSTRACT

A method of authenticating an object in which a computer system receives indicating data from a sensing device. The indicating data is generated in response to sensing of coded data provided on or in a surface associated with the object and is indicative of an identity of the object and at least part of a signature. The signature is in turn a digital signature of at least part of the identity. The computer system uses the indicating to determine a received identity and a received signature part, before using the using the received identity to determine at least a determined signature part. The determined signature part is then compared to the received signature part to authenticate the object.

FIELD OF THE INVENTION

The present invention broadly relates to a method and apparatus for theprotection of products and security documents using machine readabletags disposed on or in a surface of the product or security document.

CO-PENDING APPLICATIONS

The following applications have been filed by the Applicantsimultaneously with the present application: HYS001US HYS002US HYS003USHYS004US HYP001US HYP002US HYP003US HYP004US HYP005US HYN001US HYN002USHYN003US HYN004US HYN005US

The disclosures of these co-pending applications are incorporated hereinby reference. The above applications have been identified by theirfiling docket number, which will be substituted with the correspondingapplication number, once assigned.

CROSS-REFERENCES

Various methods, systems and apparatus relating to the present inventionare disclosed in the following co-pending applications and grantedpatents filed by the applicant or assignee of the present invention. Thedisclosures of all of these co-pending applications and granted patentsare incorporated herein by cross-reference. 6,795,215 10/884,881 PEC01NP09/575,109 10/296,535 09/575,110 6,805,419 09/607,985 6,398,3326,394,573 6,622,923 6,747,760 10/189,459 10/943,941 10/949,29410/727,181 10/727,162 10/727,163 10/727,245 10/727,204 10/727,23310/727,280 10/727,157 10/727,178 10/727,210 10/727,257 10/727,23810/727,251 10/727,159 10/727,180 10/727,179 10/727,192 10/727,27410/727,164 10/727,161 10/727,198 10/727,158 10/754,536 10/754,93810/727,227 10/727,160 10/934,720 10/854,521 10/854,522 10/854,48810/854,487 10/854,503 10/854,504 10/854,509 10/854,510 10/854,49610/854,497 10/854,495 10/854,498 10/854,511 10/854,512 10/854,52510/854,526 10/854,516 10/854,508 10/854,507 10/854,515 10/854,50610/854,505 10/854,493 10/854,494 10/854,489 10/854,490 10/854,49210/854,491 10/854,528 10/854,523 10/854,527 10/854,524 10/854,52010/854,514 10/854,519 PLT036US 10/854,499 10/854,501 10/854,50010/854,502 10/854,518 10/854,517 10/934,628 10/728,804 10/728,95210/728,806 10/728,834 10/729,790 10/728,884 10/728,970 10/728,78410/728,783 10/728,925 10/728,842 10/728,803 10/728,780 10/728,77910/773,189 10/773,204 10/773,198 10/773,199 10/773,190 10/773,20110/773,191 10/773,183 10/773,195 10/773,196 10/773,186 10/773,20010/773,185 10/773,192 10/773,197 10/773,203 10/773,187 10/773,20210/773,188 10/773,194 10/773,193 10/773,184 6,746,105 6,623,1016,406,129 6,505,916 6,457,809 6,550,895 6,457,812 6,428,133 09/575,14110/407,212 10/815,625 10/815,624 10/815,628 09/517,539 6,566,85809/112,762 6,331,946 6,246,970 6,442,525 09/517384 09/505951 637435409/517608 09/505147 6757832 6334190 6745331 09/517541 10/20355910/203540 10/203564 10/636263 10/636283 10/866608 10/902889 10/90288310/940653 10/942858 10/409876 10/409848 10/409845 09/575197 09/57519509/575159 09/575132 09/575123 6825945 09/575130 09/575165 681303909/693415 09/575118 6824044 09/608970 09/575131 09/575116 6816274NPA019NUS 09/575139 09/575186 6681045 6678499 6679420 09/66359909/607852 6728000 09/693219 09/575145 09/607656 6813558 676694209/693515 09/663701 09/575192 6720985 09/609303 09/610095 09/60959609/693705 09/693647 09/721895 09/721894 09/607843 09/693690 09/60760509/608178 09/609553 09/609233 09/609149 09/608022 09/575181 09/72217409/721896 10/291522 6718061 10/291523 10/291471 10/291470 682595610/291481 10/291509 10/291825 10/291519 10/291575 10/291557 10/29166110/291558 10/291587 10/291818 10/291576 6829387 6714678 6644545 66096536651879 10/291555 10/291510 10/291592 10/291542 10/291820 10/29151610/291,363 10/291487 10/291520 10/291521 10/291556 10/291821 10/29152510/291586 10/291822 10/291524 10/291553 10/291511 10/291585 10/29137410/685523 10/685583 10/685455 10/685584 10/757600 10/804034 10/79393310/853356 10/831232 10/884882 10/943875 10/943938 10/943874 10/94387210/944044 10/943942 10/944043 10/949293 10/943877 10/965913 10/954170NPA174US NPA175US NPA176US NPA177US NPA178US NPA179US NPA181US NPA182USNPA183US NPA184US NPA185US NPA186US NPA187US NPA188US 09/57519309/575156 09/609232 09/607844 6457883 09/693593 10/743671 NPB010US09/928055 09/927684 09/928108 09/927685 09/927809 09/575183 678919409/575150 6789191 10/900129 10/900127 10/913328 10/913350 NPK010USNPK011US 6644642 6502614 6622999 6669385 6827116 10/933285 NPM016US6549935 NPN004US 09/575187 6727996 6591884 6439706 6760119 09/57519809/722148 09/722146 6826547 6290349 6428155 6785016 6831682 674187109/722171 09/721858 09/722142 10/171987 10/202021 10/291724 10/29151210/291554 10/659027 10/659026 10/831242 10/884885 10/884883 10/90115410/932044 NPP051US NPP052US NPP053US 10/965733 10/965933 NPP058USNPP060US NPP061US NPP062US 10/659027 09/693301 09/575174 6822639 64748886627870 6724374 6788982 09/722141 6788293 09/722147 6737591 09/72217209/693514 6792165 09/722088 6795593 10/291823 6768821 10/29136610/291503 6797895 10/274817 10/782894 10/782895 10/778056 10/77805810/778060 10/778059 10/778063 10/778062 10/778061 10/778057 10/84689510/917,468 10/917467 10/917466 10/917465 10/917356 10/948169 10/94825310/948157 10/917436 10/943856 10/919379 10/943843 10/943878 10/943849NPS086US 09/575154 09/575129 6830196 09/575188 09/721862 10/47374710/120441 10/291577 10/291718 6,789,731 10/291543 6766944 676694510/291715 10/291559 10/291660 10/409864 10/309358 10/410484 10/88488410/853379 10/786631 10/853782 10/893372 10/893381 10/893382 10/89338310/893384 NPT046US NPT047US NPT048US NPT049US NPT050US NPW001US10/492,152 NPW003US NPW004US 10/492154 NPW007US 10/683151 10/683040NPW012US 10/919260 NPW013US 10/919261 10/778090 09/575189 09/57516209/575172 09/575170 09/575171 09/575161 10/291716 10/291547 10/2915386786397 10/291827 10/291548 10/291714 10/291544 10/291541 10/29158410/291579 10/291824 10/291713 10/291545 10/291546 10/917355 10/91334010/940668 NPX041US 6593166 10/428823 10/849931 10/815621 10/81561210/815630 10/815637 10/815638 10/815640 10/815642 10/815643 10/81564410/815618 10/815639 10/815635 10/815647 10/815634 10/815632 10/81563110/815648 10/815614 10/815645 10/815646 10/815617 10/815620 10/81561510/815613 10/815633 10/815619 10/815616 10/815614 10/815636 10/81564910/815609 10/815627 10/815626 10/815610 10/815611 10/815623 10/81562210/815629

Some application has been listed by docket numbers, these will bereplace when application number are known.

BACKGROUND

Currently there are two main types of technologies offering alternativemethods of unique product item identification, such as EPCs, namely:

-   -   2D optical barcodes, and    -   RFID.

A 2D optical barcode consists of a composite image that can store about2,000 bytes of data along two dimensions. The Uniform Code Council andEuropean Article Numbering (EAN) International have standardized a rangeof 2D barcodes, all with a significantly larger data capacity than theexisting EPC.

2D optical barcodes are now widely used in the global pharmaceuticalindustry. In the United States, the Food and Drug Administration (FDA)has mandated their use on all pharmaceutical goods manufactured withinits jurisdiction to identify product lines. The main advantage drivingtheir acceptance is that they are inexpensive to produce.

The main disadvantage of 2D optical barcodes is that they are oftendifficult to read due to label damage and a direct ‘line-of-sight’ isneeded for scanning. In addition to this, 2-D optical barcodes areunsightly and therefore detrimental to the packaging of the product.This problem is exacerbated in the case of pharmaceuticals, whichgenerally use small packaging, but require a relatively large bar-codewhich can therefore obscure a substantial part of the packaging.

In the case RFID tags, these can again provide unique product itemidentification encoded in the form of an EPC. However, there are alsosome disadvantages that make RFID tags unsuitable for some products.

First, RFID tags are costly to produce. Secondly, the presence ofmetals, liquids and other electromagnetic frequency (EMF) signals caninterfere with RFID tag scanners, and thus seriously jeopardize thereliability and integrity of the RFID system. Thirdly tags can be readremotely without knowledge of the tag holder, thereby raising privacyconcerns.

Surface Coding Background

The netpage surface coding consists of a dense planar tiling of tags.Each tag encodes its own location in the plane. Each tag also encodes,in conjunction with adjacent tags, an identifier of the regioncontaining the tag. This region ID is unique among all regions. In thenetpage system the region typically corresponds to the entire extent ofthe tagged surface, such as one side of a sheet of paper.

The surface coding is designed so that an acquisition field of viewlarge enough to guarantee acquisition of an entire tag is large enoughto guarantee acquisition of the ID of the region containing the tag.Acquisition of the tag itself guarantees acquisition of the tag'stwo-dimensional position within the region, as well as othertag-specific data. The surface coding therefore allows a sensing deviceto acquire a region ID and a tag position during a purely localinteraction with a coded surface, e.g. during a “click” or tap on acoded surface with a pen.

The use of netpage surface coding is described in more detail in thefollowing copending patent applications, U.S. Ser. No. 10/815,647(docket number HYG001US), entitled “Obtaining Product Assistance” filedon 2 Apr. 2004; and U.S. Ser. No. 10/815,609 (docket number HYT001US),entitled “Laser Scanner Device for Printed Product Identification Cod”filed on 2 Apr. 2004.

Cryptography Background

Cryptography is used to protect sensitive information, both in storageand in transit, and to authenticate parties to a transaction. There aretwo classes of cryptography in widespread use: secret-key cryptographyand public-key cryptography.

Secret-key cryptography, also referred to as symmetric cryptography,uses the same key to encrypt and decrypt a message. Two parties wishingto exchange messages must first arrange to securely exchange the secretkey.

Public-key cryptography, also referred to as asymmetric cryptography,uses two encryption keys. The two keys are mathematically related insuch a way that any message encrypted using one key can only bedecrypted using the other key. One of these keys is then published,while the other is kept private. They are referred to as the public andprivate key respectively. The public key is used to encrypt any messageintended for the holder of the private key. Once encrypted using thepublic key, a message can only be decrypted using the private key. Thustwo parties can securely exchange messages without first having toexchange a secret key. To ensure that the private key is secure, it isnormal for the holder of the private key to generate the public-privatekey pair.

Public-key cryptography can be used to create a digital signature. Ifthe holder of the private key creates a known hash of a message and thenencrypts the hash using the private key, then anyone can verify that theencrypted hash constitutes the “signature” of the holder of the privatekey with respect to that particular message, simply by decrypting theencrypted hash using the public key and verifying the hash against themessage. If the signature is appended to the message, then the recipientof the message can verify both that the message is genuine and that ithas not been altered in transit.

Secret-key can also be used to create a digital signature, but has thedisadvantage that signature verification can also be performed by aparty privy to the secret key.

To make public-key cryptography work, there has to be a way todistribute public keys which prevents impersonation. This is normallydone using certificates and certificate authorities. A certificateauthority is a trusted third party which authenticates the associationbetween a public key and a person's or other entity's identity. Thecertificate authority verifies the identity by examining identitydocuments etc., and then creates and signs a digital certificatecontaining the identity details and public key. Anyone who trusts thecertificate authority can use the public key in the certificate with ahigh degree of certainty that it is genuine. They just have to verifythat the certificate has indeed been signed by the certificateauthority, whose public key is well-known.

To achieve comparable security to secret-key cryptography, public-keycryptography utilises key lengths an order of magnitude larger, i.e. afew thousand bits compared with a few hundred bits.

Schneier B. (Applied Cryptography, Second Edition, John Wiley & Sons1996) provides a detailed discussion of cryptographic techniques.

SUMMARY OF THE INVENTION

In a first broad form of the invention provides coded data for disposalon or in a surface, the coded data including a number of coded dataportions, each coded data portion encoding: an identity; and, at leastpart of a signature, the signature being a digital signature of at leastpart of the identity.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding.

Optionally, the padding is associated with and unique to the identity,the padding being at least one of: a predetermined number; and, a randomnumber.

Optionally, each data portion encodes a signature fragment.

Optionally, the entire signature is encoded within a plurality of dataportions.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least part ofthe signature.

Optionally, the coded data is substantially invisible to an unaidedhuman.

Optionally, the coded data is printed on the surface using at least oneof: an invisible ink; and, an infrared-absorptive ink.

Optionally, the coded data is provided substantially coincident withvisible human-readable information.

Optionally, at least some of the coded data portions encode dataindicative of at least one of: a location of the respective dataportion; a position of the respective data portion on the surface; asize of the data portions; a size of the signature; an identity of asignature fragment; and, units of indicated locations.

Optionally, the coded data includes at least one of: redundant data;data allowing error correction; Reed-Solomon data; and, CyclicRedundancy Check (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: anobject defining the surface; the surface; a region of the surface; and,an object associated with the surface.

Optionally, at least one coded data portion further encodes at least afragment of a data object.

Optionally, the data object includes at least one of: the digitalsignature; Multipurpose Internet Mail Extensions (MIME) data; text data;image data; audio data; video data; application data; contact data;business card data; and, directory data.

Optionally, the surface is associated with an object, the objectincluding at least one of: an item of manufacture; a pharmaceuticalitem; a currency note; a check; a credit or debit card; a redeemableticket, voucher, or coupon; a lottery ticket or instant win ticket; and,an identity card or document, such as a driver's license or passport.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; a card attribute including at least oneof: card type; issuing institution; account number; issue date; expirydate; and limit.

Optionally, the coded data is adapted to be sensed by a sensing deviceto allow determination of the identity and, at least part of thesignature.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the surface having disposed therein or thereon coded dataaccording to claim 1, the coded data encoding an identity of the object.

Optionally, the coded data including a plurality of coded data portions,each coded data portion encoding at least a fragment of a data object,the data portions being arranged such that the entire data object isencoded at least once by the plurality of coded data portions.

Optionally, the coded data is disposed in or on a surface of an object.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including, in a computer system: receiving indicating datafrom a sensing device, the sensing device generating the indicating datain response to sensing the coded data, the indicating data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the indicating data, a receivedidentity and a received signature part; determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including: sensing the coded data, the coded data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including, in a computer system: receiving from a sensingdevice, indicating data, the indicating data being generated in responseto sensing the coded data, the indicating data being indicative of: anidentity of the object; and, a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the indicating data, the identity and the pluralityof signature fragments; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including: sensing the coded data; determining, from thesensed coded data: an identity of the object; and, a plurality ofsignature fragments, the signature being a digital signature of at leastpart of the identity; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, the coded data being used in a method of authenticating anobject using a processor and being provided on or in a surfaceassociated with the object, the method including, in the processor:receiving indicating data, the indicating data being generated inresponse to sensing the coded data, the indicating data being indicativeof: an identity of the object; and, at least part of a signature, thesignature being a digital signature of at least a part of the identity;determining from the indicating data, a received identity and at leastone received signature part; determining, using the received identityand a secret key, a determined signature; comparing the determinedsignature to the at least one received signature part; and,authenticating the object using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject using a processor and being disposed thereon or therein a surfaceassociated with the object, each coded data portion encoding: anidentity of the object; and, a fragment of a signature, the signaturebeing a digital signature of at least part of the identity; the methodincluding, in the processor: receiving indicating data, the indicatingdata being generated in response to sensing of a plurality of coded dataportions, the indicating data being indicative of: the identity of theobject; and, a plurality of signature fragments; determining, from theindicating data, a received identity and a plurality of receivedsignature fragments; determining, using the plurality of signaturefragments and a secret key, a determined identity; comparing thedetermined identity to the received identity; and, authenticating theobject using the results of the comparison.

Optionally, the coded data being used by a device for authenticating anobject and being provided on or in a surface associated with theobjected, the device including: a sensor for sensing the coded data, thecoded data encoding: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; and, a processor for: determining, from the sensed codeddata, a sensed identity and at least one sensed signature part;authenticating the object using the sensed identity and the at least onesensed signature part.

In a second broad form the invention provides coded data for disposal onor in a surface, the coded data including a number of coded dataportions, each coded data portion encoding: an identity; and, at leastpart of a signature, the signature being a digital signature of atleast: part of the identity; and part of predetermined padding.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, wherein the padding is associated with and unique to theidentity, the padding being at least one of: a predetermined number; arandom number.

Optionally, each data portion encodes a signature fragment.

Optionally, the entire signature is encoded within a plurality of dataportions.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least part ofthe signature.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the coded data is substantially invisible to an unaidedhuman.

Optionally, the coded data is printed on the surface using at least oneof: an invisible ink; and, an infrared-absorptive ink.

Optionally, the coded data is provided substantially coincident withvisible human-readable information.

Optionally, at least some of the coded data portions encode dataindicative of at least one of: a location of the respective dataportion; a position of the respective data portion on the surface; asize of the data portions; a size of the signature; an identity of asignature fragment; and, units of indicated locations.

Optionally, the coded data includes at least one of: redundant data;data allowing error correction; Reed-Solomon data; and, CyclicRedundancy Check (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: anobject defining the surface; the surface; a region of the surface; and,an object associated with the surface.

Optionally, at least one coded data portion further encodes at least afragment of a data object.

Optionally, the data object includes at least one of: the digitalsignature; Multipurpose Internet Mail Extensions (MIME) data; text data;image data; audio data; video data; application data; contact data;business card data; and, directory data.

Optionally, the surface is associated with an object, the objectincluding at least one of: an item of manufacture; a pharmaceuticalitem; a currency note; a check; a credit or debit card; a redeemableticket, voucher, or coupon; a lottery ticket or instant win ticket; and,an identity card or document, such as a driver's license or passport.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and, a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the coded data is adapted to be sensed by a sensing deviceto allow determination of the identity; and, at least part of thesignature.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, an object associated with a surface, the surface havingdisposed therein or thereon coded data, wherein the coded data encodesan identity of the object.

Optionally, the coded data being disposed on or in a surface, the codeddata including a plurality of coded data portions, each coded dataportion encoding: an identity; and, at least a fragment of a dataobject; the data portions being arranged such that the entire dataobject is encoded at least once by the plurality of coded data portions.

Optionally, the coded data being provided on or in a surface of anobject.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including, in a computer system: receiving indicating datafrom a sensing device, the sensing device generating the indicating datain response to sensing the coded data, the indicating data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the indicating data, a receivedidentity and a received signature part; determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including: sensing the coded data, the coded data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including, in a computer system: receiving from a sensingdevice, indicating data, the indicating data being generated in responseto sensing the coded data, the indicating data being indicative of: anidentity of the object; and, a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the indicating data, the identity and the pluralityof signature fragments; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including: sensing the coded data; determining, from thesensed coded data: an identity of the object; and, a plurality ofsignature fragments, the signature being a digital signature of at leastpart of the identity; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, the coded data being used in a method of authenticating anobject using a processor and being provided on or in a surfaceassociated with the object, the method including, in the processor:receiving indicating data, the indicating data being generated inresponse to sensing the coded data, the indicating data being indicativeof: an identity of the object; and, at least part of a signature, thesignature being a digital signature of at least a part of the identity;determining from the indicating data, a received identity and at leastone received signature part; determining, using the received identityand a secret key, a determined signature; comparing the determinedsignature to the at least one received signature part; and,authenticating the object using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject using a processor and being provided therein or thereon a surfaceassociated with the object, each coded data portion encoding: anidentity of the object; and, a fragment of a signature, the signaturebeing a digital signature of at least part of the identity; the methodincluding, in the processor: receiving indicating data, the indicatingdata being generated in response to sensing of a plurality of coded dataportions, the indicating data being indicative of: the identity of theobject; and, a plurality of signature fragments; determining, from theindicating data, a received identity and a plurality of receivedsignature fragments; determining, using the plurality of signaturefragments and a secret key, a determined identity; comparing thedetermined identity to the received identity; and, authenticating theobject using the results of the comparison.

Optionally, the coded data being used by a device for authenticating anobject and being provided on or in a surface associated with the object,the device including: a sensor for sensing coded, the coded dataencoding: an identity of the object; and, at least part of a signature,the signature being a digital signature of at least part of theidentity; and, a processor for: determining, from the sensed coded data,a sensed identity and at least one sensed signature part; authenticatingthe object using the sensed identity and the at least one sensedsignature part.

In a third broad form the invention provides coded data for disposal onor in a surface, the coded data including a plurality of coded dataportions, each coded data portion encoding: an identity; and, at least afragment of a data object; the data portions being arranged such thatthe entire data object is encoded at least once by the plurality ofcoded data portions.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the data object includes at least part of a signature, thesignature being a digital signature of at least part of the identity.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding.

Optionally, the padding is associated with and unique to the identity,the padding being at least one of: a predetermined number; a randomnumber.

Optionally, each data portion further encodes a signature fragment.

Optionally, the data object is encoded within a plurality of dataportions.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least part ofthe data object.

Optionally, the coded data is substantially invisible to an unaidedhuman.

Optionally, the coded data is printed on the surface using at least oneof: an invisible ink; and, an infrared-absorptive ink.

Optionally, the coded data is provided substantially coincident withvisible human-readable information.

Optionally, at least some of the coded data portions encode dataindicative of at least one of: a location of the respective dataportion; a position of the respective data portion on the surface; asize of the data portions; a size of the data object; an identity of adata object fragment; and, units of indicated locations.

Optionally, the coded data includes at least one of: redundant data;data allowing error correction; Reed-Solomon data; and, CyclicRedundancy Check (CRC) data.

Optionally, the signature is at least one of: a random number associatedwith the identity; a keyed hash of at least the identity; a keyed hashof at least the identity produced using a private key, and verifiableusing a corresponding public key; cipher-text produced by encrypting atleast the identity; cipher-text produced by encrypting at least theidentity and a random number; cipher-text produced using a private key,and verifiable using a corresponding public key; and cipher-textproduced using RSA encryption.

Optionally, the identity includes an identity of at least one of: anobject defining the surface; the surface; a region of the surface; and,an object associated with the surface.

Optionally, the data object includes at least one of: MultipurposeInternet Mail Extensions (MIME) data; text data; image data; audio data;video data; application data; contact data; business card data; and,directory data.

Optionally, the surface is associated with an object, the objectincluding at least one of: an item of manufacture; a pharmaceuticalitem; a currency note; a check; a credit or debit card; a redeemableticket, voucher, or coupon; a lottery ticket or instant win ticket; and,an identity card or document, such as a driver's license or passport.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and, a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the coded data is adapted to be sensed by a sensing deviceto allow determination of the identity; and, the data object.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, an object associated with a surface, the surface havingdisposed therein or thereon coded data according to claim 1, the codeddata encoding an identity of the object and a data object associatedwith the object.

Optionally, each coded data portion further encoding at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, each coded data portion further encoding at least part of asignature, the signature being a digital signature of at least: part ofthe identity; and part of predetermined padding.

Optionally, the coded data being disposed in or on a surface of anobject, each coded data portion encoding: an identity; and, at leastpart of a signature, the signature being a digital signature of at leastpart of the identity.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including, in a computer system: receiving indicating datafrom a sensing device, the sensing device generating the indicating datain response to sensing the coded data, the indicating data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the indicating data, a receivedidentity and a received signature part; determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including: sensing the coded data, the coded data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided on or in a surface associated with the object,the method including, in a computer system: receiving from a sensingdevice, indicating data, the indicating data being generated in responseto sensing the coded data, the indicating data being indicative of: anidentity of the object; and, a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the indicating data, the identity and the pluralityof signature fragments; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, the coded data being used in a method of authenticating anobject and being provided, on or in a surface associated with theobject, the method including: sensing the coded; determining, from thesensed coded data: an identity of the object; and, a plurality ofsignature fragments, the signature being a digital signature of at leastpart of the identity; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, the coded data being used in a method of authenticating anobject using a processor and being provided on or in a surfaceassociated with the object, the method including, in the processor:receiving indicating data, the indicating data being generated inresponse to sensing the coded, the indicating data being indicative of:an identity of the object; and, at least part of a signature, thesignature being a digital signature of at least a part of the identity;determining from the indicating data, a received identity and at leastone received signature part; determining, using the received identityand a secret key, a determined signature; comparing the determinedsignature to the at least one received signature part; and,authenticating the object using the results of the comparison.

Optionally, the coded data being used in a method of authenticating anobject using a processor and being disposed therein or thereon a surfaceassociated with the object, each coded data portion further encoding afragment of a signature, the signature being a digital signature of atleast part of the identity; the method including, in the processor:receiving indicating data, the indicating data being generated inresponse to sensing of a plurality of coded data portions, theindicating data being indicative of: the identity of the object; and, aplurality of signature fragments; determining, from the indicating data,a received identity and a plurality of received signature fragments;determining, using the plurality of signature fragments and a secretkey, a determined identity; comparing the determined identity to thereceived identity; and, authenticating the object using the results ofthe comparison.

Optionally, the coded data being used by a device for authenticating anobject and being provided on or in a surface associated with the object,the device including: a sensor for sensing the coded data, the codeddata being indicative of: an identity of the object; and, at least partof a signature, the signature being a digital signature of at least partof the identity; and, a processor for: determining, from the sensedcoded data, a sensed identity and at least one sensed signature part;authenticating the object using the sensed identity and the at least onesensed signature part.

In a fourth broad form of the invention provides an object having asurface, the surface having disposed thereon or therein coded dataincluding a number of coded data portions, each coded data portionencoding: an identity; and, at least part of a signature, the signaturebeing a digital signature of at least part of the identity.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, wherein the signature is a digital signature of at leastpart of the identity and at least part of predetermined padding.

Optionally, the padding is associated with and unique to the identity,the padding being at least one of: a predetermined number; and, a randomnumber.

Optionally, each data portion encodes a signature fragment.

Optionally, the entire signature is encoded within a plurality of dataportions.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least part ofthe signature.

Optionally, the coded data is substantially invisible to an unaidedhuman.

Optionally, the coded data is printed on the surface using at least oneof: an invisible ink; and, an infrared-absorptive ink.

Optionally, the coded data is provided substantially coincident withvisible human-readable information.

Optionally, at least some of the coded data portions encode dataindicative of at least one of: a location of the respective dataportion; a position of the respective data portion on the surface; asize of the data portions; a size of the signature; an identity of asignature fragment; and, units of indicated locations.

Optionally, the coded data includes at least one of: redundant data;data allowing error correction; Reed-Solomon data; and, CyclicRedundancy Check (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, at least one coded data portion further encodes at least afragment of a data object.

Optionally, the data object includes at least one of: the digitalsignature; Multipurpose Internet Mail Extensions (MIME) data; text data;image data; audio data; video data; application data; contact data;business card data; and, directory data.

Optionally, the object includes at least one of: an item of manufacture;a pharmaceutical item; a currency note; a check; a credit or debit card;a redeemable ticket, voucher, or coupon; a lottery ticket or instant winticket; and, an identity card or document, such as a driver's license orpassport.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and, a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the coded data is adapted to be sensed by a sensing deviceto allow determination of the identity; and, at least part of thesignature.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, wherein the coded data includes a plurality of tags, eachcoded data portion being formed from at least one tag.

Optionally, the data portions are arranged such that the entire dataobject is encoded at least once by the plurality of coded data portions.

Optionally, the object being used in a method of authenticating theobject, the method including, in a computer system: receiving indicatingdata from a sensing device, the sensing device generating the indicatingdata in response to sensing the coded data provided on or in the surfaceassociated with the object, the indicating data being indicative of: anidentity of the object; and, at least part of a signature, the signaturebeing a digital signature of at least part of the identity; determining,using the indicating data, a received identity and a received signaturepart; determining, using the received identity, at least a determinedsignature part; comparing the determined signature part to the receivedsignature part; and, authenticating the object using the results of thecomparison.

Optionally, the object being used in a method of authenticating theobject, the method including: sensing coded data provided on or in thesurface associated with the object, the coded data being indicative of:an identity of the object; and, at least part of a signature, thesignature being a digital signature of at least part of the identity;determining, using the sensed coded data, a sensed identity and a sensedsignature part; determining, using the sensed identity, at least adetermined signature part; comparing the determined signature part tothe sensed signature part; and, authenticating the object using theresults of the comparison.

Optionally, the object being used in a method of authenticating anobject, the method including, in a computer system: receiving from asensing device, indicating data, the indicating data being generated inresponse to sensing the coded data provided on or in the surfaceassociated with the object, the indicating data being indicative of: anidentity of the object; and, a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the indicating data, the identity and the pluralityof signature fragments; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, the object being used in a method of authenticating theobject, the method including: sensing the coded data provided on or inthe surface associated with the object; determining, from the sensedcoded data: an identity of the object; and, a plurality of signaturefragments, the signature being a digital signature of at least part ofthe identity; determining, using the plurality of signature fragments, adetermined signature; generating, using the determined signature and akey, a generated identity; comparing the identity to the generatedidentity; and, authenticating the object using the results of thecomparison.

Optionally, the object being used in a method of authenticating theobject using a processor, the method including, in the processor:receiving indicating data, the indicating data being generated inresponse to sensing the coded data provided on or in the surfaceassociated with the object, the indicating data being indicative of: anidentity of the object; and, at least part of a signature, the signaturebeing a digital signature of at least a part of the identity;determining from the indicating data, a received identity and at leastone received signature part; determining, using the received identityand a secret key, a determined signature; comparing the determinedsignature to the at least one received signature part; and,authenticating the object using the results of the comparison.

Optionally, the object being used in a method of authenticating theobject using a processor, each coded data portion encoding: an identityof the object; and, a fragment of a signature, the signature being adigital signature of at least part of the identity; the methodincluding, in the processor: receiving indicating data, the indicatingdata being generated in response to sensing of a plurality of coded dataportions, the indicating data being indicative of: the identity of theobject; and, a plurality of signature fragments; determining, from theindicating data, a received identity and a plurality of receivedsignature fragments; determining, using the plurality of signaturefragments and a secret key, a determined identity; comparing thedetermined identity to the received identity; and, authenticating theobject using the results of the comparison.

Optionally, the object being used in by a device for authenticating theobject, the device including: a sensor for sensing the coded dataprovided on or in the surface associated with the object, the coded dataencoding: an identity; and, at least one part of a signature, thesignature being a digital signature of at least part of the identity; aprocessor for: determining, from the sensed coded data, a sensedidentity and at least one sensed signature part; authenticating theobject using the sensed identity and the at least one sensed signaturepart.

In a fifth broad form the invention provides a method of authenticatingan object, the method including, in a computer system: receivingindicating data from a sensing device, the sensing device generating theindicating data in response to sensing of coded data provided on or in asurface associated with the object, the indicating data being indicativeof: an identity of the object; and, at least part of a signature, thesignature being a digital signature of at least part of the identity;and, determining, using the indicating data, a received identity and areceived signature part; determining, using the received identity, atleast a determined signature part; comparing the determined signaturepart to the received signature part; and, authenticating the objectusing the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the method includes, in the computer system: generatingauthentication data indicative of success or failure of theauthentication; and, transferring the authentication data to a user.

Optionally, the method includes, in the computer system, transferringthe authentication data to the sensing device.

Optionally, the indicating data is further indicative of an identity ofthe signature part, and wherein the method includes, in the computersystem: determining, using the indicating data, a received signaturepart identity; determining, using the received identity, a determinedsignature; and, determining, using the determined signature and thereceived signature part identity, the determined signature part.

Optionally, the method includes, in the computer system, retrieving froma data store, using the received identity, stored data indicative of thedigital signature, the stored data including at least one of: paddingassociated with the signature; a private key; a public key; one or moredigital signature parts; and, the digital signature.

Optionally, the stored data is indexed by at least one of: the identity;and, a range of identities.

Optionally, the method includes, in the computer system, generating thedetermined signature part using the stored data and the receivedidentity.

Optionally, the method includes, in the computer system: generating,using the stored data and the received identity, a determined signature;selecting a part of the determined signature; and, comparing theselected signature part to the received signature part.

Optionally, the method includes, in the computer system: determining,using the indicating data, a received signature part identity;selecting, using the received signature part identity, part of thedetermined signature.

Optionally, the method includes, in the computer system, retrieving thestored data from a remote database.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding, and wherein themethod includes, in the computer system: determining, using the receivedidentity, the predetermined padding; and, determining, using thepredetermined padding and the received identity, the determinedsignature part.

Optionally, the computer system forms part of the sensing device.

Optionally, the method includes, in the computer system, communicatingwith the sensing device via at least one of: a communications network;the Internet; a mobile phone network; and, a wireless connection.

Optionally, the indicating data is further indicative of at least oneof: a location of the respective data portion; a position of therespective data portion on the surface; a size of the data portions; asize of the signature; a size of the signature part; an identity of asignature part; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least one ofcurrency; issue country; denomination; note side; printing works; andserial number; a check attribute including at least one of: currency;issuing institution; account number; serial number; expiry date; checkvalue; and limit; and a card attribute including at least one of: cardtype; issuing institution; account number; issue date; expiry date; andlimit.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the coded data disposed on or in the surface of the objectincludes a number of coded data portions, each coded data portionencodes: an identity; and, at least part of a signature, the signaturebeing a digital signature of at least part of the identity.

Optionally, the coded data disposed on or in the surface of the objectincludes a number of coded data portions, each coded data portionencodes: an identity; and, at least part of a signature, the signaturebeing a digital signature of at least: part of the identity; and part ofpredetermined padding.

Optionally, the coded data disposed on or in the surface of the objectincludes a plurality of coded data portions, each coded data portionencodes: an identity; and, at least a fragment of a data object; thedata portions being arranged such that the entire data object is encodedat least once by the plurality of coded data portions.

Optionally, the method further includes: sensing the coded data providedon or in the surface associated with the object, the coded data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method further includes, in a computer system: receivingfrom a sensing device, indicating data, the indicating data beinggenerated in response to sensing the coded data provided on or in thesurface associated with the object, the indicating data being indicativeof: an identity of the object; and, a plurality of signature fragments,the signature being a digital signature of at least part of theidentity; determining, using the indicating data, the identity and theplurality of signature fragments; determining, using the plurality ofsignature fragments, a determined signature; generating, using thedetermined signature and a key, a generated identity; comparing theidentity to the generated identity; and, authenticating the object usingthe results of the comparison.

Optionally, the method further including: sensing the coded dataprovided on or in the surface associated with the object; determining,from the sensed coded data: an identity of the object; and, a pluralityof signature fragments, the signature being a digital signature of atleast part of the identity; determining, using the plurality ofsignature fragments, a determined signature; generating, using thedetermined signature and a key, a generated identity; comparing theidentity to the generated identity; and, authenticating the object usingthe results of the comparison.

Optionally, a processor is used for authenticating the object, themethod including, in the processor: receiving indicating data, theindicating data being generated in response to sensing the coded dataprovided on or in the surface associated with the object, the indicatingdata being indicative of: an identity of the object; and, at least partof a signature, the signature being a digital signature of at least apart of the identity; determining from the indicating data, a receivedidentity and at least one received signature part; determining, usingthe received identity and a secret key, a determined signature;comparing the determined signature to the at least one receivedsignature part; and, authenticating the object using the results of thecomparison.

Optionally, a processor is used for authenticating the object, the codeddata includes a number of coded data portions, each coded data portionencodes: an identity of the object; and, a fragment of a signature, thesignature being a digital signature of at least part of the identity;the method including, in the processor: receiving indicating data, theindicating data being generated in response to sensing of a plurality ofcoded data portions, the indicating data being indicative of: theidentity of the object; and, a plurality of signature fragments;determining, from the indicating data, a received identity and aplurality of received signature fragments; determining, using theplurality of signature fragments and a secret key, a determinedidentity; comparing the determined identity to the received identity;and, authenticating the object using the results of the comparison.

In a sixth broad form the invention provides a method of authenticatingan object, the method including, in a sensing device: sensing coded dataprovided on or in a surface associated with the object; determining,from the sensed coded data, indicating data indicative of: an identityof the object; and, at least part of a signature, the signature being adigital signature of at least part of the identity; and, transferringthe indicating data to a computer system, the computer system beingresponsive to the indicating data to: determine, using the indicatingdata, a received identity and a received signature part; determine,using the received identity, at least a determined signature part;compare the determined signature part to the received signature part;and, authenticate the object using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the coded data includes a number of coded data portions,each coded data portion encoding the identity and, at least part of thesignature, the method including sensing at least one data portion.

Optionally, the method includes, in the sensing device: receivingauthentication data indicative of success or failure of theauthentication; and, providing an indication of the success or failureof the authentication to a user.

Optionally, the entire signature is encoded within a plurality of dataportions, and wherein the method includes, in the sensing device:sensing a number of coded portions; and, generating indicating dataindicative of the entire signature.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least part ofthe signature.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein themethod includes, in the sensing device, sensing the coded data using aninfrared detector.

Optionally, the computer system forms part of the sensing device.

Optionally, the method includes, in the sensing device, communicatingwith the computer system via at least one of: a communications network;the Internet; a mobile phone network; and, a wireless connection.

Optionally, method includes, in the sensing device, generatingindicating indicative of at least one of: a location of the respectivedata portion; a position of the respective data portion on the surface;a size of the data portions; a size of the signature; an identity of asignature fragment; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and, a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

In a seventh broad form the invention provides a method ofauthenticating an object, the method including: sensing coded dataprovided on or in a surface associated with the object, the coded databeing indicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; and, determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the method includes, generating an indication of success orfailure of the authentication.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encoding: an identity; and, at least a signaturefragment; wherein the method includes sensing at least one coded dataportion.

Optionally, the coded data is further indicative of an identity of thesignature part, and wherein the method includes: determining a signaturepart identity of the sensed signature part; determining, using thesensed identity, a determined signature; and, selecting, using signaturepart identity of the sensed signature part, and from the determinedsignature, the determined signature part.

Optionally, the method includes, retrieving from a data store, using thesensed identity, stored data indicative of the digital signature, thestored data including at least one of: padding associated with thesignature; a private key; a public key; one or more digital signatureparts; and, the digital signature.

Optionally, the stored data is indexed by at least one of: the identity;and, a range of identities.

Optionally, the method includes, determining the determined signaturepart using the stored data and the sensed identity.

Optionally, the method includes, retrieving the stored data from aremote database.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least onesignature part.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein themethod includes, sensing the coded data using an infrared detector.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding, and wherein themethod includes: determining, using the identity, the predeterminedpadding; and, generating, using the predetermined padding and thedetermined signature, the generated identity.

Optionally, the method is performed in a sensing device having: an imagesensor for sensing the coded data; and, a processor for authenticatingthe object.

Optionally, the indicating data is further indicative of at least oneof: a location of the respective data portion; a position of therespective data portion on the surface; a size of the data portions; asize of the signature; a size of the signature part; an identity of asignature part; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the coded data includes a number of coded data portions,each coded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the coded data including a number of coded data portions,each coded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least: part ofthe identity; and part of predetermined padding.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encodes: an identity; and, at least a fragmentof a data object; the data portions being arranged such that the entiredata object is encoded at least once by the plurality of coded dataportions.

Optionally, the coded data includes a number of coded data portions,each coded data portion encodes: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the method further including, in a computer system:receiving indicating data from a sensing device, the sensing devicegenerating the indicating data in response to sensing the coded dataprovided on or in the surface associated with the object, the indicatingdata being indicative of: an identity of the object; and, at least partof a signature, the signature being a digital signature of at least partof the identity; determining, using the indicating data, a receivedidentity and a received signature part; determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method further including, in a computer system:receiving from a sensing device, indicating data, the indicating databeing generated in response to sensing the coded data provided on or inthe surface associated with the object, the indicating data beingindicative of: an identity of the object; and, a plurality of signaturefragments, the signature being a digital signature of at least part ofthe identity; determining, using the indicating data, the identity andthe plurality of signature fragments; determining, using the pluralityof signature fragments, a determined signature; generating, using thedetermined signature and a key, a generated identity; comparing theidentity to the generated identity; and, authenticating the object usingthe results of the comparison.

Optionally, the method further includes: sensing the coded data providedon or in the surface associated with the object; determining, from thesensed coded data: an identity of the object; and, a plurality ofsignature fragments, the signature being a digital signature of at leastpart of the identity; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, a processor is used in a method of authenticating theobject, the method including, in the processor: receiving indicatingdata, the indicating data being generated in response to sensing thecoded data provided on or in the surface associated with the object, theindicating data being indicative of: an identity of the object; and, atleast part of a signature, the signature being a digital signature of atleast a part of the identity; determining from the indicating data, areceived identity and at least one received signature part; determining,using the received identity and a secret key, a determined signature;comparing the determined signature to the at least one receivedsignature part; and, authenticating the object using the results of thecomparison.

Optionally, a processor is used to authenticate the object, the objectbeing associated with the surface having disposed thereon or therein thecoded data having a number of coded data portions, each coded dataportion encoding: an identity of the object; and, a fragment of asignature, the signature being a digital signature of at least part ofthe identity; the method including, in the processor: receivingindicating data, the indicating data being generated in response tosensing of a plurality of coded data portions, the indicating data beingindicative of: the identity of the object; and, a plurality of signaturefragments; determining, from the indicating data, a received identityand a plurality of received signature fragments; determining, using theplurality of signature fragments and a secret key, a determinedidentity; comparing the determined identity to the received identity;and, authenticating the object using the results of the comparison.

Optionally, the method is used by a device for authenticating theobject, the device including: a sensor for sensing the coded dataprovided on or in the surface associated with the object, the coded dataencoding: an identity; and, at least one part of a signature, thesignature being a digital signature of at least part of the identity; aprocessor for: determining, from the sensed coded data, a sensedidentity and at least one sensed signature part; authenticating theobject using the sensed identity and the at least one sensed signaturepart.

In an eighth broad form the invention provides a method ofauthenticating an object, the method including, in a computer system:receiving from a sensing device, indicating data, the indicating databeing generated in response to sensing of coded data provided on or in asurface associated with the object, the indicating data being indicativeof: an identity of the object; a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the indicating data, the identity and the pluralityof signature fragments; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the method includes, in the computer system: generatingauthentication data indicative of success or failure of theauthentication; and, transferring the authentication data to a user.

Optionally, the method includes, in the computer system, transferringthe authentication data to the sensing device.

Optionally, the indicating data is further indicative of the identity ofeach of the plurality of signature fragments, and wherein the methodincludes, in the computer system: determining, from the indicating data,the signature fragment identity of each of the plurality of signaturefragments; and, determining, using the determined signature fragmentidentities, the determined signature.

Optionally, the method includes, in the computer system: retrieving froma data store, using the received identity, stored data including atleast one of: padding associated with the signature; a private key; and,a public key; and, generating, using the stored data and the determinedsignature, the generated identity.

Optionally, the stored data is indexed by at least one of: the identity;and, a range of identities.

Optionally, the method includes, in the computer system, retrieving thestored data from a remote database.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding, and wherein themethod includes, in the computer system: determining, using the receivedidentity, the predetermined padding; and, generating, using thepredetermined padding and the determined signature, the generatedidentity.

Optionally, the plurality of signature fragments are indicative of theentire signature.

Optionally, the computer system forms part of the sensing device.

Optionally, the method includes, in the computer system, communicatingwith the sensing device via at least one of:

-   -   a communications network; the Internet; a mobile phone network;        and, a wireless connection.

Optionally, the indicating data is further indicative of at least oneof: a location of the respective data portion; a position of therespective data portion on the surface; a size of the data portions; asize of the signature; a size of the signature fragment; an identity ofa signature fragment; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the coded includes a number of coded data portions, eachcoded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the coded data includes a number of coded data portions,each coded data portion encodes: an identity; and, at least part of asignature, the signature being a digital signature of at least: part ofthe identity; and part of predetermined padding.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encodes: an identity; and, at least a fragmentof a data object; the data portions being arranged such that the entiredata object is encoded at least once by the plurality of coded dataportions.

Optionally, the coded data includes a number of coded data portions,each coded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the method further includes, in a computer system: receivingindicating data from a sensing device, the sensing device generating theindicating data in response to sensing the coded data provided on or inthe surface associated with the object, the indicating data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the indicating data, a receivedidentity and a received signature part; determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method further includes: sensing the coded data providedon or in the surface associated with the object, the coded data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method further includes: sensing the coded data providedon or in the surface associated with the object; determining, from thesensed coded data: an identity of the object; and, a plurality ofsignature fragments, the signature being a digital signature of at leastpart of the identity; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, a processor is used to authenticate the object, the methodfurther including, in the processor: receiving indicating data, theindicating data being generated in response to sensing the coded dataprovided on or in the surface associated with the object, the indicatingdata being indicative of: an identity of the object; and, at least partof a signature, the signature being a digital signature of at least apart of the identity; determining from the indicating data, a receivedidentity and at least one received signature part; determining, usingthe received identity and a secret key, a determined signature;comparing the determined signature to the at least one receivedsignature part; and, authenticating the object using the results of thecomparison.

Optionally, a processor is used to authenticate the object, the codeddata having a number of coded data portions, each coded data portionencoding: an identity of the object; and, a fragment of a signature, thesignature being a digital signature of at least part of the identity;the method including, in the processor: receiving indicating data, theindicating data being generated in response to sensing of a plurality ofcoded data portions, the indicating data being indicative of: theidentity of the object; and, a plurality of signature fragments;determining, from the indicating data, a received identity and aplurality of received signature fragments; determining, using theplurality of signature fragments and a secret key, a determinedidentity; comparing the determined identity to the received identity;and, authenticating the object using the results of the comparison.

Optionally, the method is used by a device for authenticating theobject, the device including: a sensor for sensing coded data providedon or the a surface associated with the object, the coded data encoding:an identity; and, at least one part of a signature, the signature beinga digital signature of at least part of the identity; a processor for:determining, from the sensed coded data, a sensed identity and at leastone sensed signature part; authenticating the object using the sensedidentity and the at least one sensed signature part.

In a ninth broad form the invention provides a method of authenticatingan object, the method including, in a sensing device: sensing coded dataprovided on a surface associated with the object; determining, from thesensed coded data, indicating data indicative of: an identity of theobject; a plurality of signature fragments, the signature being adigital signature of at least part of the identity; transferring theindicating data to a computer system, the computer system beingresponsive to the indicating data to: determine, using the indicatingdata, the identity and the plurality of signature fragments; determine,using the plurality of signature fragments, a determined signature;generate, using the determined signature and a key, a generatedidentity; compare the identity to the generated identity; and,authenticate the object using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the method includes, in the sensing device: receivingauthentication data indicative of success or failure of theauthentication; and, providing an indication of the success or failureof the authentication to a user.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encoding: an identity; and, at least a signaturefragment; wherein the method includes, in the sensing device, sensing aplurality of coded data portions to thereby determine indicating data.

Optionally, each coded data portion encodes a signature fragmentidentity, and wherein the method includes, in the sensing device:determining the signature fragment identity of each determined signaturefragment; and, generating the indicating data, using the determinedsignature fragment identities, the determined signature.

Optionally, the plurality of signature fragments are indicative of theentire signature.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least onesignature fragment.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein themethod includes, in the sensing device, sensing the coded data using aninfrared detector.

Optionally, the computer system forms part of the sensing device.

Optionally, the method includes, in the sensing device, communicatingwith the computer system via at least one of: a communications network;the Internet; a mobile phone network; and, a wireless connection.

Optionally, the method includes, in the sensing device, generatingindicating indicative of at least one of: a location of the respectivedata portion; a position of the respective data portion on the surface;a size of the data portions; a size of the signature; a size of thesignature fragment; an identity of a signature fragment; units ofindicated locations; redundant data; data allowing error correction;Reed-Solomon data; and, Cyclic Redundancy Check (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and, a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

In a tenth broad form the invention provides a method of authenticatingan object, the method including: sensing coded data provided on or in asurface associated with the object; determining, from the sensed codeddata: an identity of the object; a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the plurality of signature fragments, a determinedsignature; generating, using the determined signature and a key, agenerated identity; comparing the identity to the generated identity;and, authenticating the object using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the method includes, generating an indication of success orfailure of the authentication.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encoding: an identity; and, at least a signaturefragment; wherein the method includes sensing a plurality of coded dataportions to thereby determine the plurality of signature fragments.

Optionally, each coded data portion encodes a signature fragmentidentity, and wherein the method includes: determining the signaturefragment identity of each determined signature fragment; and,determining, using the determined signature fragment identities, thedetermined signature.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least onesignature fragment.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein themethod includes, sensing the coded data using an infrared detector.

Optionally, the plurality of signature fragments are indicative of theentire signature.

Optionally, the method includes: retrieving from a data store, using theidentity, stored data indicative of at least one of: padding associatedwith the signature; a private key; and, a public key; and, generating,using the stored data and the determined signature, the generatedidentity.

Optionally, the stored data is indexed by at least one of: the identity;and, a range of identities.

Optionally, the method includes, retrieving the stored data from aremote database.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding, and wherein themethod includes: determining, using the identity, the predeterminedpadding; and, generating, using the predetermined padding and thedetermined signature, the generated identity.

Optionally, the method includes, in a sensing device: using a sensor,sensing the coded data; using a processor: determining, from the sensedcoded data: the identity of the object; the plurality of signaturefragments, the signature being a digital signature of at least part ofthe identity; determining, using the plurality of signature fragments,the determined signature; generating, using the determined signature andthe key, the generated identity; comparing the identity to the generatedidentity; and, authenticating the object using the results of thecomparison.

Optionally, the indicating data is further indicative of at least oneof: a location of the respective data portion; a position of therespective data portion on the surface; a size of the data portions; asize of the signature; a size of the signature fragment; an identity ofa signature fragment; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the coded includes a number of coded data portions, eachcoded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the coded data includes a number of coded data portions,each coded data portion encodes: an identity; and, at least part of asignature, the signature being a digital signature of at least: part ofthe identity; and part of predetermined padding.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encodes: an identity; and, at least a fragmentof a data object; the data portions being arranged such that the entiredata object is encoded at least once by the plurality of coded dataportions.

Optionally, the coded data includes a number of coded data portions,each coded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the method further includes, in a computer system: receivingindicating data from a sensing device, the sensing device generating theindicating data in response to sensing the coded data provided on or inthe surface associated with the object, the indicating data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the indicating data, a receivedidentity and a received signature part; determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method further includes: sensing the coded data providedon or in the surface associated with the object, the coded data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method including, in a computer system: receiving from asensing device, indicating data, the indicating data being generated inresponse to sensing the coded data provided on or in the surfaceassociated with the object, the indicating data being indicative of: anidentity of the object; and, a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the indicating data, the identity and the pluralityof signature fragments; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, a processor is used to authenticate the object, the methodfurther including, in the processor: receiving indicating data, theindicating data being generated in response to sensing the coded dataprovided on or in the surface associated with the object, the indicatingdata being indicative of: an identity of the object; and, at least partof a signature, the signature being a digital signature of at least apart of the identity; determining from the indicating data, a receivedidentity and at least one received signature part; determining, usingthe received identity and a secret key, a determined signature;comparing the determined signature to the at least one receivedsignature part; and, authenticating the object using the results of thecomparison.

Optionally, a processor is used to authenticate the object, the codeddata having a number of coded data portions, each coded data portionencoding: an identity of the object; and, a fragment of a signature, thesignature being a digital signature of at least part of the identity;the method including, in the processor: receiving indicating data, theindicating data being generated in response to sensing of a plurality ofcoded data portions, the indicating data being indicative of: theidentity of the object; and, a plurality of signature fragments;determining, from the indicating data, a received identity and aplurality of received signature fragments; determining, using theplurality of signature fragments and a secret key, a determinedidentity; comparing the determined identity to the received identity;and, authenticating the object using the results of the comparison.

Optionally, the method is used by a device for authenticating theobject, the device including: a sensor for sensing coded data providedon or the a surface associated with the object, the coded data encoding:an identity; and, at least one part of a signature, the signature beinga digital signature of at least part of the identity; a processor for:determining, from the sensed coded data, a sensed identity and at leastone sensed signature part; authenticating the object using the sensedidentity and the at least one sensed signature part.

In an eleventh broad form the invention provides a method ofauthenticating an object using a processor, the method including, in theprocessor: receiving indicating data, the indicating data beinggenerated in response to sensing of coded data provided on or in asurface associated with the object, the indicating data being indicativeof: an identity of the object; and, at least part of a signature, thesignature being a digital signature of at least a part of the identity;determining from the indicating data, a received identity and at leastone received signature part; determining, using the received identityand a secret key, a determined signature; comparing the determinedsignature to the at least one received signature part; and,authenticating the object using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the method includes, in the processor: generatingauthentication data indicative of success or failure of theauthentication; and, transferring the authentication data to a user.

Optionally, the method includes, in the processor, transferring theauthentication data to a sensing device.

Optionally, the indicating data is further indicative of an identity ofthe signature part, and wherein the method includes, in the processor:determining, using the indicating data, a received signature partidentity; selecting, using the received identity, a part of thedetermined signature; and, authenticating the object by comparing thedetermined signature part and the at least one received signature part.

Optionally, the method includes, in the processor, retrieving from adata store, using the received identity, stored data indicative of thedigital signature, the stored data including at least one of: paddingassociated with the signature; a private key; a public key; one or moredigital signature parts; and, the digital signature.

Optionally, the method includes, in the processor, generating thedetermined signature part using the stored data and the receivedidentity.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein themethod includes, sensing the coded data using an infrared detector.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding, and wherein themethod includes, in the processor: determining, using the receivedidentity, the predetermined padding; and, determining, using thepredetermined padding and the received identity, the determinedsignature part.

Optionally, the processor forms part of a sensing device, and whereinthe method includes, receiving the indicating data from a sensor in thesensing device.

Optionally, the processor communicates with a sensing device whichgenerates the indicating data, and wherein the method includes,receiving the indicating data from the sensing device.

Optionally, the method includes, in the processor, communicating withthe sensing device via at least one of: a communications network; theInternet; a mobile phone network; and, a wireless connection.

Optionally, the indicating data is further indicative of at least oneof: a location of the respective data portion; a position of therespective data portion on the surface; a size of the data portions; asize of the signature; a size of the signature part; an identity of asignature part; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the processor determines the determined signature bycommunicating with a second processor which generates the determinedsignature using the received identity and the secret key.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least onesignature part.

Optionally, the stored data is indexed by at least one of: the identity;and, a range of identities.

Optionally, the method includes, in the processor, retrieving the storeddata from a remote database.

Optionally, the coded includes a number of coded data portions, eachcoded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the coded data includes a number of coded data portions,each coded data portion encodes: an identity; and, at least part of asignature, the signature being a digital signature of at least: part ofthe identity; and part of predetermined padding.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encodes: an identity; and, at least a fragmentof a data object; the data portions being arranged such that the entiredata object is encoded at least once by the plurality of coded dataportions.

Optionally, the method further includes, in a computer system: receivingindicating data from a sensing device, the sensing device generating theindicating data in response to sensing the coded data provided on or inthe surface associated with the object, the indicating data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the indicating data, a receivedidentity and a received signature part; determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method further includes: sensing the coded data providedon or in the surface associated with the object, the coded data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method including, in a computer system: receiving from asensing device, indicating data, the indicating data being generated inresponse to sensing the coded data provided on or in the surfaceassociated with the object, the indicating data being indicative of: anidentity of the object; and, a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the indicating data, the identity and the pluralityof signature fragments; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, wherein the method further includes: sensing the coded dataprovided on or in the surface associated with the object; determining,from the sensed coded data: an identity of the object; and, a pluralityof signature fragments, the signature being a digital signature of atleast part of the identity; determining, using the plurality ofsignature fragments, a determined signature; generating, using thedetermined signature and a key, a generated identity; comparing theidentity to the generated identity; and, authenticating the object usingthe results of the comparison.

Optionally, a processor is used to authenticate the object, the codeddata having a number of coded data portions, each coded data portionencoding: an identity of the object; and, a fragment of a signature, thesignature being a digital signature of at least part of the identity;the method including, in the processor: receiving indicating data, theindicating data being generated in response to sensing of a plurality ofcoded data portions, the indicating data being indicative of: theidentity of the object; and, a plurality of signature fragments;determining, from the indicating data, a received identity and aplurality of received signature fragments; determining, using theplurality of signature fragments and a secret key, a determinedidentity; comparing the determined identity to the received identity;and, authenticating the object using the results of the comparison.

Optionally, the method is used by a device for authenticating theobject, the device including: a sensor for sensing coded data providedon or the a surface associated with the object, the coded data encoding:an identity; and, at least one part of a signature, the signature beinga digital signature of at least part of the identity; a processor for:determining, from the sensed coded data, a sensed identity and at leastone sensed signature part; and, authenticating the object using thesensed identity and the at least one sensed signature part.

In a twelfth broad form the invention provides a method ofauthenticating an object using a processor, the method including, in asensing device: sensing coded data provided on or in a surfaceassociated with the object; determining, from the sensed coded data,indicating data indicative of: an identity of the object; and, at leastpart of a signature, the signature being a digital signature of at leasta part of the identity; providing the indicating data to the processor,the processor being responsive to the indicating data to: generate,using the identity and a secret key, the signature; compare thedetermined signature to the at least part of the signature; and,authenticate the object using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

In a thirteenth broad form the invention provides a processor forauthenticating an object, the object being associated with a surfacehaving disposed thereon or therein coded data indicative of: an identityof the object; and, at least part of a signature, the signature beingindicative of a digital signature of at least part of the identitywherein the processor: receives indicating data, the indicating databeing generated in response to sensing of the coded data, the indicatingdata being indicative of the identity and at least part of thesignature; determines, using the indicating data, the identity and theat least part of the signature; generates, using the determined identityand a secret key, a determined signature; compares the determinedsignature to the at least part of the signature; and, authenticates theobject using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the coded data includes a number of coded data portions,each coded data portion encoding the identity and, at least part of thesignature, the method including sensing at least one data portion.

Optionally, the method includes, in the sensing device: receivingauthentication data indicative of success or failure of theauthentication; and, providing an indication of the success or failureof the authentication to a user.

Optionally, the entire signature is encoded within a plurality of dataportions, and wherein the method includes, in the sensing device:sensing a number of coded portions; and, generating indicating dataindicative of the entire signature.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least part ofthe signature.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein themethod includes, in the sensing device, sensing the coded data using aninfrared detector.

Optionally, the processor forms part of the sensing device.

Optionally, the method includes, in the sensing device, communicatingwith the processor via at least one of: a communications network; theInternet; a mobile phone network; and, a wireless connection.

Optionally, method includes, in the sensing device, generatingindicating indicative of at least one of: a location of the respectivedata portion; a position of the respective data portion on the surface;a size of the data portions; a size of the signature; an identity of asignature fragment; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and, a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the processor determines the determined signature bycommunicating with a second processor which generates the determinedsignature using the received identity and the secret key.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the processor: generates authentication data indicative ofsuccess or failure of the authentication; and, transfers theauthentication data to a user.

Optionally, the processor transfers the authentication data to a sensingdevice.

Optionally, the indicating data is further indicative of an identity ofthe signature part, and wherein the processor: determines, using theindicating data, a received signature part identity; selects, using thereceived identity, a part of the determined signature; and,authenticates the object by comparing the determined signature part andthe at least one received signature part.

Optionally, the processor retrieves from a data store, using thereceived identity, stored data indicative of the digital signature, thestored data including at least one of: padding associated with thesignature; a private key; a public key; one or more digital signatureparts; and, the digital signature.

Optionally, the stored data is indexed by at least one of: the identity;and, a range of identities.

Optionally, the processor, generates the determined signature part usingthe stored data and the received identity.

Optionally, the processor retrieves the stored data from a remotedatabase.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding, and wherein theprocessor: determines, using the received identity, the predeterminedpadding; and, determines, using the predetermined padding and thereceived identity, the determined signature part.

Optionally, the processor forms part of a sensing device.

Optionally, the processor communicates with a sensing device whichgenerates the indicating data, and wherein the processor receives theindicating data from the sensing device.

Optionally, processor communicates with the sensing device via at leastone of: a communications network; the Internet; a mobile phone network;and, a wireless connection.

Optionally, the indicating data is further indicative of at least oneof: a location of the respective data portion; a position of therespective data portion on the surface; a size of the data portions; asize of the signature; a size of the signature part; an identity of asignature part; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the processor determines the determined signature bycommunicating with a second processor which generates the determinedsignature using the received identity and the secret key.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

In a fourteenth broad form the invention provides a method ofauthenticating an object using a processor, the object being associatedwith a surface having disposed thereon or therein coded data having anumber of coded data portions, each coded data portion encoding: anidentity of the object; and, a fragment of a signature, the signaturebeing a digital signature of at least part of the identity the methodincluding, in the processor: receiving from a sensing device, indicatingdata, the indicating data being generated in response to sensing of aplurality of coded data portions, the indicating data being indicativeof the identity of the object; and, a plurality of signature fragments;determining, from the indicating data, a received identity and aplurality of received signature fragments; determining, using theplurality of signature fragments and a secret key, a determinedidentity; comparing the determined identity to the received identity;and, authenticating the object using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the method includes, in the processor: generatingauthentication data indicative of success or failure of theauthentication; and, transferring the authentication data to a user.

Optionally, the method includes, in the processor, transferring theauthentication data to a sensing device.

Optionally, the indicating data is further indicative of an identity ofeach signature fragment, and wherein the method includes, in theprocessor: determining, using the indicating data, a received signaturefragment identity for each received signature fragment; and,determining, using the received signature fragment identity for eachreceived signature fragment, a determined signature; and, determining,using the determined signature and the secret key, the determinedidentity.

Optionally, the method includes, in the processor, retrieving from adata store, using the received identity, stored data indicative of thedigital signature, the stored data including at least one of: paddingassociated with the signature; a private key; a public key; one or moredigital signature fragments; and, the digital signature.

Optionally, the method includes, in the processor, determining thedetermined identity using the stored data and the received signaturefragments.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein themethod includes, sensing the coded data using an infrared detector.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding, and wherein themethod includes, in the processor: determining, using the receivedidentity, the predetermined padding; and, determining, using thepredetermined padding and the received signature fragments, thedetermined identity.

Optionally, the processor forms part of a sensing device, and whereinthe method includes, receiving the indicating data from a sensor in thesensing device.

Optionally, the processor communicates with a sensing device whichgenerates the indicating data, and wherein the method includes,receiving the indicating data from the sensing device.

Optionally, the indicating data is further indicative of at least oneof: a location of the respective data portion; a position of therespective data portion on the surface, a size of the data portions; asize of the signature; a size of the signature fragment; an identity ofa signature fragment; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the indicating data is indicative of the entire signature.

Optionally, the processor determines the determined identity bycommunicating with a second processor which generates the determinedidentity using the received signature fragments and the secret key.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the stored data is indexed by at least one of: the identity;and, a range of identities.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least onesignature fragment.

Optionally, the method includes, in the processor, retrieving the storeddata from a remote database.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the method includes, in the processor, communicating withthe sensing device via at least one of: a communications network; theInternet; a mobile phone network; and, a wireless connection.

Optionally, the coded includes a number of coded data portions, eachcoded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the coded data includes a number of coded data portions,each coded data portion encodes: an identity; and, at least part of asignature, the signature being a digital signature of at least: part ofthe identity; and part of predetermined padding.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encodes: an identity; and, at least a fragmentof a data object; the data portions being arranged such that the entiredata object is encoded at least once by the plurality of coded dataportions.

Optionally, the method further includes, in a computer system: receivingindicating data from a sensing device, the sensing device generating theindicating data in response to sensing the coded data provided on or inthe surface associated with the object, the indicating data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the indicating data, a receivedidentity and a received signature part; determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method further includes: sensing the coded data providedon or in the surface associated with the object, the coded data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity; determining, using the sensed coded data, a sensedidentity and a sensed signature part; determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the method including, in a computer system: receiving from asensing device, indicating data, the indicating data being generated inresponse to sensing the coded data provided on or in the surfaceassociated with the object, the indicating data being indicative of: anidentity of the object; and, a plurality of signature fragments, thesignature being a digital signature of at least part of the identity;determining, using the indicating data, the identity and the pluralityof signature fragments; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, the method further includes: sensing the coded data providedon or in the surface associated with the object; determining, from thesensed coded data: an identity of the object; and, a plurality ofsignature fragments, the signature being a digital signature of at leastpart of the identity; determining, using the plurality of signaturefragments, a determined signature; generating, using the determinedsignature and a key, a generated identity; comparing the identity to thegenerated identity; and, authenticating the object using the results ofthe comparison.

Optionally, a processor is used to authenticate the object, the methodincluding, in the processor: receiving indicating data, the indicatingdata being generated in response to sensing the coded data provided onor in the surface associated with the object, the indicating data beingindicative of: an identity of the object; and, at least part of asignature, the signature being a digital signature of at least a part ofthe identity; determining from the indicating data, a received identityand at least one received signature part; determining, using thereceived identity and a secret key, a determined signature; comparingthe determined signature to the at least one received signature part;and, authenticating the object using the results of the comparison.

Optionally, the method is used by a device for authenticating theobject, the device including: a sensor for sensing coded data providedon or the a surface associated with the object, the coded data encoding:an identity; and, at least one part of a signature, the signature beinga digital signature of at least part of the identity; a processor for:determining, from the sensed coded data, a sensed identity and at leastone sensed signature part; and, authenticating the object using thesensed identity and the at least one sensed signature part.

In a fifteenth broad form the invention provides a processor forauthenticating an object, the object being associated with a surfacehaving disposed thereon or therein coded data having a number of codeddata portions, each coded data portion encoding: an identity of theobject; and, a fragment of a signature, the signature being indicativeof a digital signature of at least part of the identity wherein theprocessor: receives indicating data from a sensing device, the sensingdevice generating the indicating data in response to sensing a pluralityof coded data portions, the indicating data being indicative of: theidentity of the object; and, a plurality of signature fragments;determines, from the indicating data, a received identity and aplurality of received signature fragments; determines, using theplurality of signature fragments and a secret key, a determinedidentity; compares the determined identity to the received identity;and, authenticates the object using the results of the comparison.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the processor: generates authentication data indicative ofsuccess or failure of the authentication; and, transfers theauthentication data to a user.

Optionally, the processor transfers the authentication data to a sensingdevice.

Optionally, the indicating data is further indicative of an identity ofeach signature fragment, and wherein the processor: determines, usingthe indicating data, a received signature fragment identity for eachreceived signature fragment; and, determines, using the receivedsignature fragment identity for each received signature fragment, adetermined signature; and, determines, using the determined signatureand the secret key, the determined identity.

Optionally, the processor retrieves from a data store, using thereceived identity, stored data indicative of the digital signature, thestored data including at least one of: padding associated with thesignature; a private key; a public key; one or more digital signaturefragments; and, the digital signature.

Optionally, the stored data is indexed by at least one of: the identity;and, a range of identities.

Optionally, the processor determines the determined identity using thestored data and the received signature fragments.

Optionally, the processor retrieves the stored data from a remotedatabase.

Optionally, the signature is a digital signature of at least part of theidentity and at least part of predetermined padding, and wherein theprocessor: determines, using the received identity, the predeterminedpadding; and, determines, using the predetermined padding and thereceived signature fragments, the determined identity.

Optionally, the processor forms part of a sensing device.

Optionally, the processor communicates with a sensing device whichgenerates the indicating data, and wherein the processor receives theindicating data from the sensing device.

Optionally, processor communicates with the sensing device via at leastone of: a communications network; the Internet; a mobile phone network;and, a wireless connection.

Optionally, the indicating data is further indicative of at least oneof: a location of the respective data portion; a position of therespective data portion on the surface; a size of the data portions; asize of the signature; a size of the signature fragment; an identity ofa signature fragment; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the processor determines the determined identity bycommunicating with a second processor which generates the determinedidentity using the received signature fragments and the secret key.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

In a sixteenth broad form the invention provides a method ofauthenticating an object using a processor, the object being associatedwith a surface having disposed thereon or therein coded data having anumber of coded data portions, each coded data portion encoding: anidentity of the object; and, a fragment of a signature, the signaturebeing a digital signature of at least part of the identity the methodincluding, in a sensing device: sensing a plurality of coded dataportions; determining, from the sensed coded data portions, indicatingdata indicative of: the identity of the object; and, a plurality ofsignature fragments; providing the indicating data to the processor, theprocessor being responsive to the indicating data to: determine, fromthe indicating data, a received identity and a plurality of receivedsignature fragments; determine, using the plurality of signaturefragments and a secret key, a determined identity; compare thedetermined identity to the received identity; and, authenticate theobject using the results of the comparison.

Optionally, the method includes, in the sensing device: receivingauthentication data indicative of success or failure of theauthentication; and, providing an indication of the success or failureof the authentication to a user.

Optionally, the entire signature is encoded within a plurality of dataportions, and wherein the method includes, in the sensing device:sensing a number of coded portions; and, generating indicating dataindicative of the entire signature.

Optionally, the coded data includes a plurality of layouts, each layoutdefining the position of a plurality of first symbols encoding theidentity, and a plurality of second symbols defining at least onesignature fragment.

Optionally, the coded data includes a plurality of tags, each coded dataportion being formed from at least one tag.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein themethod includes, in the sensing device, sensing the coded data using aninfrared detector.

Optionally, the processor forms part of the sensing device.

Optionally, the method includes, in the sensing device, communicatingwith the processor via at least one of: a communications network; theInternet; a mobile phone network; and, a wireless connection.

Optionally, method includes, in the sensing device, generatingindicating indicative of at least one of: a location of the respectivedata portion; a position of the respective data portion on the surface;a size of the data portions; a size of the signature; an identity of asignature fragment; units of indicated locations; redundant data; dataallowing error correction; Reed-Solomon data; and, Cyclic RedundancyCheck (CRC) data.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes an identity of at least one of: theobject; the surface; and, a region of the surface.

Optionally, the identity includes at least one of: an Electronic ProductCode (EPC); a National Drug Code (NDC) number; a serial number of apharmaceutical item; a currency note attribute including at least oneof: currency; issue country; denomination; note side; printing works;and serial number; a check attribute including at least one of:currency; issuing institution; account number; serial number; expirydate; check value; and limit; and, a card attribute including at leastone of: card type; issuing institution; account number; issue date;expiry date; and limit.

Optionally, the processor determines the determined signature bycommunicating with a second processor which generates the determinedsignature using the received identity and the secret key.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

In a seventeenth broad form the invention provides a device forauthenticating an object, the device including: a sensor for sensingcoded data provided on or in a surface associated with the object, thecoded data encoding: an identity; and, at least one part of a signature,the signature being a digital signature of at least part of theidentity; a processor for: determining, from the sensed coded data, asensed identity and at least one sensed signature part; authenticatingthe object using the determined identity and the at least one sensedsignature part.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the device includes, an indicator for indicating success orfailure of the authentication.

Optionally, the processor is for: determining, using the sensedidentity, at least a determined signature part; comparing the determinedsignature part to the sensed signature part; and, authenticating theobject using the results of the comparison.

Optionally, the processor is for: determining, using the sensed identityand a key, at least a determined signature part; comparing thedetermined signature part to the sensed signature part; and,authenticating the object using the results of the comparison.

Optionally, the processor is for: determining, from the sensed codeddata, a plurality of sensed signature parts; determining, using thesensed signature parts, a determined signature determining, using thedetermined signature and a key, a determined identity; comparing thesensed identity to the determined identity; and, authenticating theobject using the results of the comparison.

Optionally, the device includes a data store, and wherein the processor:using the sensed identity, retrieves stored data indicative of thedigital signature, the stored data including at least one of: paddingassociated with the signature; a private key; a public key; one or moredigital signature parts; and, the digital signature; authenticates theobject using the stored data.

Optionally, the data store is a remote database.

Optionally, the processor is for determining, from the sensed codeddata, a plurality of signature parts representing the entire signature.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein thesensor is at least one of: an infrared detector; and, a laser scanner.

Optionally, the device is at least one of: a document scanner; a cashregister; a netpage pen; a currency scanner; a hand-held scanner; aMobile Phone with Inbuilt scanner; an automatic telling machine; and, avending machine.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes at least one of: an identity of atleast one of: the object; the surface; and, a region of the surface;and, an Electronic Product Code (EPC); a National Drug Code (NDC)number; a serial number of a pharmaceutical item; a currency noteattribute including at least one of: currency; issue country;denomination; note side; printing works; and serial number; a checkattribute including at least one of: currency; issuing institution;account number; serial number; expiry date; check value; and limit; anda card attribute including at least one of: card type; issuinginstitution; account number; issue date; expiry date; and limit.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the device includes, an indicator for indicating success orfailure of the authentication.

Optionally, the coded data is printed on the surface using at least oneof an invisible ink and an infrared-absorptive ink, and wherein thesensor is at least one of: an infrared detector; and, a laser scanner.

Optionally, the device is at least one of: a document scanner; a cashregister; a netpage pen; a currency scanner; a hand-held scanner; aMobile Phone with Inbuilt scanner; an automatic telling machine; and, avending machine.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes at least one of: an identity of atleast one of: the object; the surface; and, a region of the surface;and, an Electronic Product Code (EPC); a National Drug Code (NDC)number; a serial number of a pharmaceutical item; a currency noteattribute including at least one of: currency; issue country;denomination; note side; printing works; and serial number; a checkattribute including at least one of: currency; issuing institution;account number; serial number; expiry date; check value; and limit; anda card attribute including at least one of: card type; issuinginstitution; account number; issue date; expiry date; and limit.

Optionally, the processor is for determining, from the sensed codeddata, indicating data indicative of a plurality of signature partsrepresenting the entire signature.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

Optionally, the coded includes a number of coded data portions, eachcoded data portion encoding: an identity; and, at least part of asignature, the signature being a digital signature of at least part ofthe identity.

Optionally, the coded data includes a number of coded data portions,each coded data portion encodes: an identity; and, at least part of asignature, the signature being a digital signature of at least: part ofthe identity; and part of predetermined padding.

Optionally, the coded data includes a plurality of coded data portions,each coded data portion encodes: an identity; and, at least a fragmentof a data object; the data portions being arranged such that the entiredata object is encoded at least once by the plurality of coded dataportions.

Optionally, the device is used in a method of authenticating an object,the method including, in a computer system: receiving indicating datafrom a sensing device, the sensing device generating the indicating datain response to sensing the coded data provided on or in the surfaceassociated with the object, the indicating data being indicative of: anidentity of the object; and, at least part of a signature, the signaturebeing a digital signature of at least part of the identity; determining,using the indicating data, a received identity and a received signaturepart; determining, using the received identity, at least a determinedsignature part; comparing the determined signature part to the receivedsignature part; and, authenticating the object using the results of thecomparison.

Optionally, the device is used in a method of authenticating an object,the method including: sensing the coded data provided on or in thesurface associated with the object, the coded data being indicative of:an identity of the object; and, at least part of a signature, thesignature being a digital signature of at least part of the identity;determining, using the sensed coded data, a sensed identity and a sensedsignature part; determining, using the sensed identity, at least adetermined signature part; comparing the determined signature part tothe sensed signature part; and, authenticating the object using theresults of the comparison.

Optionally, the device is used in a method of authenticating an object,the method including, in a computer system: receiving from a sensingdevice, indicating data, the indicating data being generated in responseto sensing the coded data provided on or in the surface associated withthe object, the indicating data being indicative of: an identity of theobject; and, a plurality of signature fragments, the signature being adigital signature of at least part of the identity; determining, usingthe indicating data, the identity and the plurality of signaturefragments; determining, using the plurality of signature fragments, adetermined signature; generating, using the determined signature and akey, a generated identity; comparing the identity to the generatedidentity; and, authenticating the object using the results of thecomparison.

Optionally, the device is used in a method of authenticating an object,the method including: sensing the coded data provided on or in thesurface associated with the object; determining, from the sensed codeddata: an identity of the object; and, a plurality of signaturefragments, the signature being a digital signature of at least part ofthe identity; determining, using the plurality of signature fragments, adetermined signature; generating, using the determined signature and akey, a generated identity; comparing the identity to the generatedidentity; and, authenticating the object using the results of thecomparison.

Optionally, the device is used in a method of authenticating an object,the method including, in the processor: receiving indicating data, theindicating data being generated in response to sensing the coded dataprovided on or in the surface associated with the object, the indicatingdata being indicative of: an identity of the object; and, at least partof a signature, the signature being a digital signature of at least apart of the identity; determining from the indicating data, a receivedidentity and at least one received signature part; determining, usingthe received identity and a secret key, a determined signature;comparing the determined signature to the at least one receivedsignature part; and, authenticating the object using the results of thecomparison.

Optionally, the device is used in a method of authenticating an object,the coded data having a number of coded data portions, each coded dataportion encoding: an identity of the object; and, a fragment of asignature, the signature being a digital signature of at least part ofthe identity; the method including, in the processor: receivingindicating data, the indicating data being generated in response tosensing of a plurality of coded data portions, the indicating data beingindicative of: the identity of the object; and, a plurality of signaturefragments; determining, from the indicating data, a received identityand a plurality of received signature fragments; determining, using theplurality of signature fragments and a secret key, a determinedidentity; comparing the determined identity to the received identity;and, authenticating the object using the results of the comparison.

In an eighteenth broad form of the invention provides a device forauthenticating an object, the device including: a sensor for sensingcoded data provided on or in a surface associated with the object, thecoded data encoding: an identity; and, at least part of a signature, thesignature being a digital signature of at least part of the identity; aprocessor for determining, from the sensed coded data, indicating dataindicative of: the identity; at least one signature part; acommunications system for transferring the indicating data to a computersystem, the computer system being responsive to the indicating data toauthenticate the object.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the device communicates with the computer system via atleast one of: a communications network; the Internet; a mobile phonenetwork; and, a wireless connection.

Optionally, the computer system is for: determining, using the receivedidentity, at least a determined signature part; comparing the determinedsignature part to the received signature part; and, authenticating theobject using the results of the comparison.

In a nineteenth broad form the invention provides a computer system forauthenticating an object, the computer system being for: receiving froma device, indicating data, the indicating data being determined inresponse to sensing of coded data provided on or in a surface associatedwith the object, the indicating data being indicative of: an identity ofthe object; at least part of a signature, the signature being a digitalsignature of at least part of the identity; determining, from theindicating data, a received identity and at least one received signaturepart; authenticating the object using the received identity and the atleast one received signature part.

Optionally the coded data includes a number of coded data portions, andwherein each coded data portion is at least partially indicative of atleast one of: at least part of the identity; at least part of thesignature; and, a position of the coded data portion on the surface.

Optionally each coded data portion encodes the entire signature.

Optionally the entire signature is formed from a plurality of signatureparts, and wherein each coded data portion encodes a respectivesignature part.

Optionally, the computer system is for: determining, using the receivedidentity and a key, at least a determined signature part; comparing thedetermined signature part to the received signature part; and,authenticating the object using the results of the comparison.

Optionally, the computer system is for: determining, from the indicatingdata, a plurality of received signature parts; determining, using thereceived signature parts, a determined signature determining, using thedetermined signature and a key, a determined identity; comparing thereceived identity to the determined identity; and, authenticating theobject using the results of the comparison.

Optionally, the computer system: generates authentication dataindicative of success or failure of the authentication; and, transfersthe authentication data to a user.

Optionally, the computer system includes a data store, and wherein thecomputer system: uses the sensed identity, retrieves stored dataindicative of the digital signature, the stored data including at leastone of: padding associated with the signature; a private key; a publickey; one or more digital signature parts; and, the digital signature;authenticates the object using the stored data.

Optionally, the data store is a remote database.

Optionally, the computer system is for determining, from the sensedcoded data, a plurality of signature parts representing the entiresignature.

Optionally, the computer system transfers the authentication data to thedevice.

Optionally, the computer system communicates with the device via atleast one of: a communications network; the Internet; a mobile phonenetwork; and, a wireless connection.

Optionally, the digital signature includes at least one of: a randomnumber associated with the identity; a keyed hash of at least theidentity; a keyed hash of at least the identity produced using a privatekey, and verifiable using a corresponding public key; cipher-textproduced by encrypting at least the identity; cipher-text produced byencrypting at least the identity and a random number; cipher-textproduced using a private key, and verifiable using a correspondingpublic key; and cipher-text produced using RSA encryption.

Optionally, the identity includes at least one of: an identity of atleast one of: the object; the surface; and, a region of the surface;and, an Electronic Product Code (EPC); a National Drug Code (NDC)number; a serial number of a pharmaceutical item; a currency noteattribute including at least one of: currency; issue country;denomination; note side; printing works; and serial number; a checkattribute including at least one of: currency; issuing institution;account number; serial number; expiry date; check value; and limit; anda card attribute including at least one of: card type; issuinginstitution; account number; issue date; expiry date; and limit.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout including n identical sub-layouts rotated 1/n revolutions apartabout a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.

Optionally, the coded data is arranged in accordance with at least onelayout having n-fold rotational symmetry, where n is at least two, thelayout encoding orientation-indicating data comprising a sequence of aninteger multiple m of n symbols, where m is one or more, each encodedsymbol being distributed at n locations about a centre of rotationalsymmetry of the layout such that decoding the symbols at each of the norientations of the layout produces n representations of theorientation-indicating data, each representation comprising a differentcyclic shift of the orientation-indicating data and being indicative ofthe degree of rotation of the layout.

In a twentieth broad form the present invention provides a method ofverifying an object, wherein the method includes, in a computer system:receiving a verification request, the request being at least partiallyindicative of: an identity of the object; at least one signaturefragment, the signature being a digital signature of at least part ofthe identity; determining, using the verification request, a determinedidentity; determining, using the determined identity, and from adatabase, at least one criterion relating to verification; and,comparing the received verification request to the at least onecriterion; and causing the object to be verified if the at least onecriterion is satisfied.

Optionally the at least one criterion relates to a limit on at least oneof: a number of received verification requests; a rate of receivedverification requests; and, timing of received verification requests.

Optionally the limit is defined in respect of at least one of: theidentity of the object; the signature; the signature fragment; averification request source; and, the object.

Optionally the limit is proportional to a size of the signaturefragment.

Optionally the method includes, in the computer system: determining,using the verification request: a request history indicative of a numberof previously received verification requests; and, a correspondinglimit; determining, using the verification request and the requesthistory, a request number; and, causing the object to be verified if therequest number does not exceed the corresponding limit.

Optionally the method includes, in the computer system, and in responseto a verification request, updating the request history.

Optionally the request history is indicative of the timing of thereceived verification request.

Optionally the request history is associated with: the identity of theobject; the signature; the signature fragment; a verification requestsource; and, the object.

Optionally the method includes, in the computer system, verifying theobject by authenticating the object using the identity of the object andthe at least one signature fragment.

Optionally the verification request is at least partially indicative ofan identity of the signature fragment.

Optionally the object is associated with a surface having disposedthereon or therein coded data including a number of coded data portions,each coded data portion being indicative of at least the identity and asignature fragment, and wherein, in response to sensing of at least onecoded data portion, a sensing device generates the verification request.

Optionally the verification request is at least partially indicative ofan identity of the signature fragment, the fragment identity being basedon at least one of: a number encoded within the at least one sensedcoded data portion; and, a position of the at least one sensed codeddata portion on the surface.

Optionally the method includes, in the computer system, only comparingthe received verification request to the at least one criterion after afailed verification.

Optionally the method includes, in a computer system: receiving averification request, the request being at least partially indicativeof: an identity of the object; a concatenation of: a signature fragment,the signature fragment being a digital signature of at least part of theidentity; and a random signature; determining, using the verificationrequest, a determined identity; determining, using the concatenation,the signature fragment; and, verifying the object using the determinedidentity and the signature fragment.

Optionally the method includes, in the computer system: determining,using the determined identity, a key; generating, using the determinedidentity and the key, a generated signature; comparing the generatedsignature to the concatenation to thereby identify and authenticate thesignature fragment.

In another broad form the present invention provides coded data fordisposal on or in a surface, the coded data including a number of codeddata portions, each coded data portion encoding: an identity; and, afragment of a signature, the signature being a digital signature of atleast part of the identity; and a random signature.

In another broad form the present invention provides coded data fordisposal on or in a surface, the coded data including a number of codeddata portions, each coded data portion being at least partiallyindicative of: an identity; at least fragment of a signature, thesignature being a digital signature of at least part of the identity;and, a position of the coded data on the surface.

Optionally each coded data portion is at least partially indicative of adata portion identity, the data portion identity being unique for eachcoded data portion, the data portion identity being indicative of theposition.

Optionally the coded data is disposed on or in the surface using alayout, the layout being indicative of, for each data portion identity,the position of the corresponding coded data portion.

Optionally the signature is generated using RSA encryption.

BRIEF DESCRIPTION OF THE DRAWINGS

An example of the present invention will now be described with referenceto the accompanying drawings, in which:

FIG. 1 is an example of a document including Hyperlabel encoding;

FIG. 2 is an example of a system for interacting with the Hyperlabeldocument of FIG. 1;

FIG. 3 is a further example of system for interacting with theHyperlabel document of FIG. 1;

FIG. 4. is a first example of a tag structure;

FIG. 5. is an example of a symbol unit cell for the tag structure ofFIG. 4;

FIG. 6. is an example of an array of the symbol unit cells of FIG. 5;

FIG. 7. is an example of symbol bit ordering in the unit cells of FIG.5;

FIG. 8. is an example of the tag structure of FIG. 4 with every bit set;

FIG. 9. is an example of tag types within a tag group for the tagstructure of FIG. 4;

FIG. 10. is an example of continuous tiling of the tag groups of FIG. 9;

FIG. 11 is an example of interleaved codewords for the tag structure ofFIG. 4;

FIG. 12 is an example of a code word for the tag structure of FIG. 4;

FIG. 13. is an example of a tag and its eight immediate neighbours, eachlabelled with its corresponding bit index in the active area map;

FIG. 14. is an alternative example of tag types within a tag group forthe tag structure of FIG. 4;

FIG. 15. is an example of continuous tiling of the tag groups of FIG.14;

FIG. 16. is an example of the orientation-indicating cyclic positioncodeword R for the tag group of FIG. 14;

FIG. 17. is an example of a local codeword A for the tag group of FIG.14;

FIG. 18. is an example of distributed codewords B, C, D and E, for thetag group of FIG. 14;

FIG. 19. is an example of a layout of complete tag group;

FIG. 20. is an example of a code word for the tag group of FIG. 14;

FIG. 21. is a second example of a tag structure;

FIG. 22. is an example of a symbol unit cell for the tag structure ofFIG. 21;

FIG. 23. is an example of an array of the symbol unit cells of FIG. 22;

FIG. 24. is an example of symbol bit ordering in the unit cells of FIG.22;

FIG. 25. is an example of the tag structure of FIG. 21 with every bitset;

FIG. 26. is an example of tag types within a tag group for the tagstructure of FIG. 21;

FIG. 27. is an example of continuous tiling of the tag groups of FIG.26;

FIG. 28 is an example of an orientation indicating cyclic positioncodeword for the tag structure of FIG. 21;

FIG. 29 is an example of a codeword for the tag structure of FIG. 21;

FIG. 30 is an example of fragments of distributed codewords for the tagstructure of FIG. 21;

FIG. 31. is an example of continuous tiling of the tag groups of FIG.21;

FIG. 32. is an example of a tag segment of the tag groups of FIG. 21;

FIG. 33. is an example of inter-segment spacing for the tag groups ofFIG. 21;

FIG. 34. is an example of the effect of inter-segment spacing on targetposition for the tag groups of FIG. 21;

FIG. 35. is an example of a code word for the tag group of FIG. 21;

FIG. 36. is an example of tag coordinates for the tag group of FIG. 21;

FIG. 37. is an example of tag and six immediate neighbour tags eachlabelled with its corresponding bit index in the active area map;

FIG. 38. is an example of a contiguous set of tags making up a datablock;

FIG. 39. is an example of an expanded tag structure;

FIG. 40 is an example of a codeword for the tag structure of FIG. 39;

FIG. 41 is an example of fragments of distributed codewords for the tagstructure of FIG. 39;

FIG. 42 is a second example of fragments of distributed codewords forthe tag structure of FIG. 39;

FIG. 43 is an example of an item signature object model;

FIG. 44. is an example of Scanning at Retailer interactions;

FIG. 45. is an example of Online Scanning interaction detail;

FIG. 46. is an example of Offline Scanning interaction details;

FIG. 47. is an example of netpage Pen Scanning interactions;

FIG. 48. is an example of netpage Pen Scanning interaction details;

FIG. 49. is an example of a Hyperlabel tag class diagram;

FIG. 50. is an example of an item ID class diagram;

FIG. 51. is an example of a note ID class diagram

FIG. 52. is an example of a pharmaceutical ID class diagram;

FIG. 53. is an example of an Object Description, ownership andaggregation class diagram;

FIG. 54. is an example of an Object Scanning History class diagram;

FIG. 55. is an example of scanner class disgram;

FIG. 56. is an example of an object ID hot list diagram;

FIG. 57. is an example of a valid ID range class diagram;

FIG. 58. is an example of Public Key List class diagram;

FIG. 59. is an example of a Trusted Authenticator class diagram;

FIG. 60. is an example of Tagging and Tracking Object Management.

DETAILED DESCRIPTION OF THE DRAWINGS

The netpage surface coding consists of a dense planar tiling of tags.Each tag encodes its own location in the plane. Each tag also encodes,in conjunction with adjacent tags, an identifier of the regioncontaining the tag. In the netpage system, the region typicallycorresponds to the entire extent of the tagged surface, such as one sideof a sheet of paper.

Hyperlabel is the adaptation of the netpage tags for use in unique itemidentification for a wide variety of applications, including securitydocument protection, object tracking, pharmaceutical security,supermarket automation, interactive product labels, web-browsing fromprinted surfaces, paper based email, and many others.

Using Memjet™ digital printing technology (which is the subject of anumber of pending U.S. patent applications including U.S. Ser. No.10/407,212), Hyperlabel tags are printed over substantially an entiresurface, such as a security document, bank note, or pharmaceuticalpackaging, using infrared (IR) ink. By printing the tags ininfrared-absorptive ink on any substrate which is infrared-reflective,the near-infrared wavelengths, and hence the tags are invisible to thehuman eye but are easily sensed by a solid-state image sensor with anappropriate filter. This allows machine readable information to beencoded over a large portion of the note or other surface, with novisible effect on the original note text or graphics thereon. A scanninglaser or image sensor can read the tags on any part of the surface toperforms associated actions, such as validating each individual note oritem.

An example of such a Hyperlabel encoded document, is shown in FIG. 1. Inthis example, the Hyperlabel document consists of graphic data 2 printedusing visible ink, and coded data 3 formed from Hyperlabel tags 4. Thedocument includes an interactive element 6 defined by a zone 7 whichcorresponds to the spatial extent of a corresponding graphic 8. In use,the tags encode tag data including an ID. By sensing at least one tag,and determining and interpreting the encoded ID using an appropriatesystem, this allows the associated actions to be performed.

In one example, a tag map is used to define a layout of the tags on theHyperlabel document based on the ID encoded within the tag data. The IDcan also be used to reference a document description which describes theindividual elements of the Hyperlabel document, and in particulardescribes the type and spatial extent (zone) of interactive elements,such as a button or text field. Thus, in this example, the element 6 hasa zone 7 which corresponds to the spatial extent of a correspondinggraphic 8. This allows a computer system to interpret interactions withthe Hyperlabel document.

In position indicating techniques, the ID encoded within the tag data ofeach tag allows the exact position of the tag on the Hyperlabel documentto be determined from the tag map. The position can then be used todetermine whether the sensed tag is positioned in a zone of aninteractive element from the document description.

In object indicating techniques, the ID encoded within the tag dataallows the presence of the tag in a region of the document to bedetermined from the tag map (the relative position of the tag within theregion may also be indicated). In this case, the document descriptioncan be used to determine whether the region corresponds to the zone ofan interactive element.

An example of this process will now be described with reference to FIGS.2 and 3 which show how a sensing device in the form of a netpage orNetpage pen 101, which interacts with the coded data on a printedHyperlabel document 1, such as a security document, label, productpackaging or the like.

The Netpage pen 101 senses a tag using an area image sensor and detectstag data. The Netpage pen 101 uses the sensed data tag to generateinteraction data which is transmitted via a short-range radio link 9 toa relay 44, which may form part of a computer 75 or a printer 601. Therelay sends the interaction data, via a network 19, to a document server10, which uses the ID to access the document description, and interpretthe interaction. In appropriate circumstances, the document server sendsa corresponding message to an application server 13, which can thenperform a corresponding action.

In an alternative embodiment, the PC, Web terminal, netpage printer orrelay device may communicate directly with local or remote applicationsoftware, including a local or remote Web server. Relatedly, output isnot limited to being printed by the netpage printer. It can also bedisplayed on the PC or Web terminal, and further interaction can bescreen-based rather than paper-based, or a mixture of the two.

Typically Netpage pen users register with a registration server 11,which associates the user with an identifier stored in the respectiveNetpage pen. By providing the sensing device identifier as part of theinteraction data, this allows users to be identified, allowingtransactions or the like to be performed.

Hyperlabel documents are generated by having an ID server generate an IDwhich is transferred to the document server 10. The document server 10determines a document description and then records an associationbetween the document description and the ID, to allow subsequentretrieval of the document description using the ID.

The ID is then used to generate the tag data, as will be described inmore detail below, before the document is printed by the Hyperlabelprinter 601, using the page description and the tag map.

Each tag is represented by a pattern which contains two kinds ofelements. The first kind of element is a target. Targets allow a tag tobe located in an image of a coded surface, and allow the perspectivedistortion of the tag to be inferred. The second kind of element is amacrodot. Each macrodot encodes the value of a bit by its presence orabsence.

The pattern is represented on the coded surface in such a way as toallow it to be acquired by an optical imaging system, and in particularby an optical system with a narrowband response in the near-infrared.The pattern is typically printed onto the surface using a narrowbandnear-infrared ink.

In the Hyperlabel system the region typically corresponds to the surfaceof an entire product item, or to a security document, and the region IDcorresponds to the unique item ID. For clarity in the followingdiscussion we refer to items and item IDs (or simply IDs), with theunderstanding that the item ID corresponds to the region ID.

The surface coding is designed so that an acquisition field of viewlarge enough to guarantee acquisition of an entire tag is large enoughto guarantee acquisition of the ID of the region containing the tag.Acquisition of the tag itself guarantees acquisition of the tag'stwo-dimensional position within the region, as well as othertag-specific data. The surface coding therefore allows a sensing deviceto acquire a region ID and a tag position during a purely localinteraction with a coded surface, e.g. during a “click” or tap on acoded surface with a pen.

A wide range of different tag structures can be used, and some exampleswill now be described.

First Example Tag Structure

FIG. 4 shows the structure of a complete tag. Each of the four blackcircles is a target. The tag, and the overall pattern, has four-foldrotational symmetry at the physical level.

Each square region represents a symbol, and each symbol represents fourbits of information.

FIG. 5 shows the structure of a symbol. It contains four macrodots, eachof which represents the value of one bit by its presence (one) orabsence (zero).

The macrodot spacing is specified by the parameter s throughout thisdocument. It has a nominal value of 143 μm, based on 9 dots printed at apitch of 1600 dots per inch. However, it is allowed to vary by +10%according to the capabilities of the device used to produce the pattern.

FIG. 6 shows an array of nine adjacent symbols. The macrodot spacing isuniform both within and between symbols.

FIG. 7 shows the ordering of the bits within a symbol. Bit zero is theleast significant within a symbol; bit three is the most significant.Note that this ordering is relative to the orientation of the symbol.The orientation of a particular symbol within the tag is indicated bythe orientation of the label of the symbol in the tag diagrams. Ingeneral, the orientation of all symbols within a particular segment ofthe tag have the same orientation, consistent with the bottom of thesymbol being closest to the centre of the tag.

Only the macrodots are part of the representation of a symbol in thepattern. The square outline of a symbol is used in this document to moreclearly elucidate the structure of a tag. FIG. 8, by way ofillustration, shows the actual pattern of a tag with every bit set. Notethat, in practice, every bit of a tag can never be set.

A macrodot is nominally circular with a nominal diameter of ( 5/9)s.However, it is allowed to vary in size by ±10% according to thecapabilities of the device used to produce the pattern.

A target is nominally circular with a nominal diameter of ( 17/9)s.However, it is allowed to vary in size by ±10% according to thecapabilities of the device used to produce the pattern.

The tag pattern is allowed to vary in scale by up to ±10% according tothe capabilities of the device used to produce the pattern. Anydeviation from the nominal scale is recorded in the tag data to allowaccurate generation of position samples.

Each symbol shown in the tag structure in FIG. 4 has a unique label.Each label consists an alphabetic prefix and a numeric suffix.

Tag Group

Tags are arranged into tag groups. Each tag group contains four tagsarranged in a square. Each tag therefore has one of four possible tagtypes according to its location within the tag group square. The tagtypes are labelled 00, 10, 01 and 11, as shown in FIG. 9.

FIG. 10 shows how tag groups are repeated in a continuous tiling oftags. The tiling guarantees the any set of four adjacent tags containsone tag of each type.

Codewords

The tag contains four complete codewords. Each codeword is of apunctured 2⁴-ary (8,5) Reed-Solomon code.

Two of the codewords are unique to the tag. These are referred to aslocal and are labelled A and B. The tag therefore encodes up to 40 bitsof information unique to the tag.

The remaining two codewords are unique to a tag type, but common to alltags of the same type within a contiguous tiling of tags. These arereferred to as global and are labelled C and D, subscripted by tag type.A tag group therefore encodes up to 160 bits of information common toall tag groups within a contiguous tiling of tags.

The layout of the four codewords is shown in FIG. 11.

Reed-Solomon Encoding

Codewords are encoded using a punctured 2⁴-ary (8,5) Reed-Solomon code.

A 2⁴-ary (8,5) Reed-Solomon code encodes 20 data bits (i.e. five 4-bitsymbols) and 12 redundancy bits (i.e. three 4-bit symbols) in eachcodeword. Its error-detecting capacity is three symbols. Itserror-correcting capacity is one symbol.

As shown in FIG. 12, codeword coordinates are indexed in coefficientorder, and the data bit ordering follows the codeword bit ordering.

A punctured 2⁴-ary (8,5) Reed-Solomon code is a 2⁴-ary (15,5)Reed-Solomon code with seven redundancy coordinates removed. The removedcoordinates are the most significant redundancy coordinates.

The code has the following primitive polynominal:p(x)=x ⁴ +x+1

The code has the following generator polynominal:g(x)=(x+α)(x+α ²) . . . (x+α ¹⁰)

For a detailed description of Reed-Solomon codes, refer to Wicker, S. B.and V. K. Bhargava, eds., Reed-Solomon Codes and Their Applications,IEEE Press, 1994.

Tag Coordinate Space

The tag coordinate space has two orthogonal axes labelled x and yrespectively. When the positive x axis points to the right then thepositive y axis points down.

The surface coding does not specify the location of the tag coordinatespace origin on a particular tagged surface, nor the orientation of thetag coordinate space with respect to the surface. This information isapplication-specific. For example, if the tagged surface is a sheet ofpaper, then the application which prints the tags onto the paper mayrecord the actual offset and orientation, and these can be used tonormalise any digital ink subsequently captured in conjunction with thesurface.

The position encoded in a tag is defined in units of tags. Byconvention, the position is taken to be the position of the centre ofthe target closest to the origin.

Tag Information Content

Table 1 defines the information fields embedded in the surface coding.Table 2 defines how these fields map to codewords. TABLE 1 Fielddefinitions Field width description per codeword codeword type 2 Thetype of the codeword, i.e. one of A (b′00′), B (b′01′), C (b′10′) and D(b′11′). per tag tag type 2 The type of the tag, i.e. one of 00 (b′00′),01 (b′01′), 10 (b′10′) and 11 (b′11′) - corresponds to the bottom twobits of the x and y coordinates of the tag. x coordinate 13 The unsignedx coordinate of the tag allows a maximum coordinate value ofapproximately 14 m. y coordinate 13 The unsigned y coordinate of thetag^(b). active area flag 1 A flag indicating whether the tag is amember of an active area. b′1′ indicates membership. active area mapflag 1 A flag indicating whether an active area map is present. b′1′indicates the presence of a map (see next field). If the map is absentthen the value of each map entry is derived from the active area flag(see previous field). active area map 8. A map¹ of which of the tag'simmediate eight neighbours are members of an active area. b′1′ indicatesmembership (FIG. 13 indicates the bit ordering of the map) data fragment8 A fragment of an embedded data stream. Only present if the active areamap is absent. per tag group encoding format 8 The format of theencoding. 0: the present encoding Other values are TBA. Region flags 8Flags controlling the interpretation and routing of region- relatedinformation. 0: region ID is an EPC 1: region is linked 2: region isinteractive 3: region is signed 4: region includes data 5: regionrelates to mobile application Other bits are reserved and must be zero.tag size adjustment 16 The difference between the actual tag size andthe nominal tag size (1.7145 mm (based on 1600 dpi, 9 dots per macrodot,and 12 macrodots per tag)), in 10 nm units, in sign-magnitude format.Region ID 96 The ID of the region containing the tags. CRC 16 A CRC oftag group data (CCITT CRC-16 (ITU, Interface between Data TerminalEquipment (DTE) and Data Circuit-terminating Equipment (DCE) forterminals operating in the packet mode and connected to public datanetworks by dedicated circuit, ITU-T X.25 (10/96)) Total 320

The active area map indicates whether the corresponding tags are membersof an active area. An active area is an area within which any capturedinput should be immediately forwarded to the corresponding Hyperlabelserver for interpretation. It also allows the Hyperlabel sensing deviceto signal to the user that the input will have an immediate effect.TABLE 2 Mapping of fields to codewords codeword field codeword bitsfield Width bits A 1:0 codeword type (b′00′) 2 all 10:2  x coordinate 912:4  19:11 Y coordinate 9 12:4  B 1:0 codeword type (b′01′) 2 all  2tag type 1 0 5:2 x coordinate 4 3:0  6 tag type 1 1 9:6 y coordinate 43:0 10 active area flag 1 all 11 active area map flag 1 all 19:12 activearea map 8 all 19:12 data fragment 8 all C₀₀ 1:0 codeword type (b′10′) 2all 9:2 encoding format 8 all 17:10 region flags 8 all 19:18 tag sizeadjustment 2 1:0 C₀₁ 1:0 codeword type (b′10′) 2 all 15:2  tag sizeadjustment 14 15:2  19:16 region ID 4 3:0 C₁₀ 1:0 codeword type (b′10′)2 all 19:2  region ID 18 21:4  C₁₁ 1:0 codeword type (b′10′) 2 all 19:2 region ID 18 39:22 D₀₀ 1:0 codeword type (b′11′) 2 all 19:2  region ID18 57:40 D₀₁ 1:0 codeword type (b′11′) 2 all 19:2  region ID 18 75:58D₁₀ 1:0 codeword type (b′11′) 2 all 19:2  region ID 18 93:76 D₁₁ 1:0codeword type (b′11′) 2 all 3:2 region ID 2 95:94 19:4  CRC 16 all

Note that the tag type can be moved into a global codeword to maximiselocal codeword utilization. This in turn can allow larger coordinatesand/or 16-bit data fragments (potentially configurably in conjunctionwith coordinate precision). However, this reduces the independence ofposition decoding from region ID decoding and has not been included inthe specification at this time.

Embedded Data

If the “region includes data” flag in the region flags is set then thesurface coding contains embedded data. The data is encoded in multiplecontiguous tags' data fragments, and is replicated in the surface codingas many times as it will fit.

The embedded data is encoded in such a way that a random and partialscan of the surface coding containing the embedded data can besufficient to retrieve the entire data. The scanning system reassemblesthe data from retrieved fragments, and reports to the user whensufficient fragments have been retrieved without error.

As shown in Table 3, a 200-bit data block encodes 160 bits of data. Theblock data is encoded in the data fragments of A contiguous group of 25tags arranged in a 5×5 square. A tag belongs to a block whose integercoordinate is the tag's coordinate divided by 5. Within each block thedata is arranged into tags with increasing x coordinate withinincreasing y coordinate.

A data fragment may be missing from a block where an active area map ispresent. However, the missing data fragment is likely to be recoverablefrom another copy of the block.

Data of arbitrary size is encoded into a superblock consisting of acontiguous set of blocks arranged in a rectangle. The size of thesuperblock is encoded in each block. A block belongs to a superblockwhose integer coordinate is the block's coordinate divided by thesuperblock size. Within each superblock the data is arranged into blockswith increasing x coordinate within increasing y coordinate.

The superblock is replicated in the surface coding as many times as itwill fit, including partially along the edges of the surface coding.

The data encoded in the superblock may include more precise typeinformation, more precise size information, and more extensive errordetection and/or correction data. TABLE 3 Embedded data block fieldwidth description data type 8 The type of the data in the superblock.Values include: 0: type is controlled by region flags 1: MIME Othervalues are TBA. superblock width 8 The width of the superblock, inblocks. superblock height 8 The height of the superblock, in blocks.data 160 The block data. CRC 16 A CRC of the block data. total 200Alternative First Example Tag StructureTag Group

Tags are arranged into tag groups. Each tag group contains four tagsarranged in a square. Each tag therefore has one of four possible tagtypes according to its location within the tag group square. The tagtypes are labelled 00, 10, 01 and 11, as shown in FIG. 14.

Each tag in the tag group is rotated as shown in the figure, i.e. tagtype 00 is rotated 0 degrees, tag type 10 is rotated 90 degrees, tagtype 11 is rotated 180 degrees, and tag type 01 is rotated 270 degrees.

FIG. 15 shows how tag groups are repeated in a continuous tiling oftags. The tiling guarantees the any set of four adjacent tags containsone tag of each type.

Orientation-Indicating Cyclic Position Code

The tag contains a 2⁴-ary (4, 1) cyclic position codeword which can bedecoded at any of the four possible orientations of the tag to determinethe actual orientation of the tag. Symbols which are part of the cyclicposition codeword have a prefix of “R” and are numbered 0 to 3 in orderof increasing significance.

The cyclic position codeword is (0, 7, 9, E₁₆) Note that it only usesfour distinct symbol values, even though a four-bit symbol has sixteenpossible values. During decoding, any unused symbol value should, ifdetected, be treated as an erasure. To maximise the probability oflow-weight bit error patterns causing erasures rather than symbolerrors, the symbol values are chosen to be as evenly spaced on thehypercube as possible.

The minimum distance of the cyclic position code is 4, hence itserror-correcting capacity is one symbol in the presence of up to oneerasure, and no symbols in the presence of two or more erasures.

The layout of the orientation-indicating cyclic position codeword isshown in FIG. 16.

Local Codeword

The tag locally contains one complete codeword which is used to encodeinformation unique to the tag. The codeword is of a punctured 2⁴-ary(13, 7) Reed-Solomon code. The tag therefore encodes up to 28 bits ofinformation unique to the tag.

The layout of the local codeword is shown in FIG. 17.

Distributed Codewords

The tag also contains fragments of four codewords which are distributedacross the four adjacent tags in a tag group and which are used toencode information common to a set of contiguous tags. Each codeword isof a 2⁴-ary (15,11) Reed-Solomon code. Any four adjacent tags thereforetogether encode up to 176 bits of information common to a set ofcontiguous tags.

The layout of the four complete codewords, distributed across the fouradjacent tags in a tag group, is shown in FIG. 18. The order of the fourtags in the tag group in FIG. 18 is the order of the four tags in FIG.14.

FIG. 19 shows the layout of a complete tag group.

Reed-Solomon Encoding—Local Codeword

The local codeword is encoded using a punctured 2⁴-ary (13, 7)Reed-Solomon code. The code encodes 28 data bits (i.e. seven symbols)and 24 redundancy bits (i.e. six symbols) in each codeword. Itserror-detecting capacity is six symbols. Its error-correcting capacityis three symbols.

As shown in FIG. 20, codeword coordinates are indexed in coefficientorder, and the data bit ordering follows the codeword bit ordering.

The code is a 2⁴-ary (15, 7) Reed-Solomon code with two redundancycoordinates removed. The removed coordinates are the most significantredundancy coordinates.

The code has the following primitive polynominal:p(x)=x ⁴ +x+1  (EQ 1)

The code has the following generator polynominal:g(x)=(x+α)(x+α ²) . . . (x+α ⁸)  (EQ 2)Reed-Solomon Encoding—Distributed Codewords

The distributed codewords are encoded using a 2⁴-ary (15, 11)Reed-Solomon code. The code encodes 44 data bits (i.e. eleven symbols)and 16 redundancy bits (i.e. four symbols) in each codeword. Itserror-detecting capacity is four symbols. Its error-correcting capacityis two symbols.

Codeword coordinates are indexed in coefficient order, and the data bitordering follows the codeword bit ordering.

The code has the same primitive polynominal as the local codeword code.

The code has the following generator polynominal:g(x)=(x+α)(x+α ²) . . . (x+α ⁴)  (EQ 3)Tag Coordinate Space

The tag coordinate space has two orthogonal axes labelled x and yrespectively. When the positive x axis points to the right then thepositive y axis points down.

The surface coding does not specify the location of the tag coordinatespace origin on a particular tagged surface, nor the orientation of thetag coordinate space with respect to the surface. This information isapplication-specific. For example, if the tagged surface is a sheet ofpaper, then the application which prints the tags onto the paper mayrecord the actual offset and orientation, and these can be used tonormalise any digital ink subsequently captured in conjunction with thesurface.

The position encoded in a tag is defined in units of tags. Byconvention, the position is taken to be the position of the centre ofthe target closest to the origin.

Tag Information Content

Field Definitions

Table 4 defines the information fields embedded in the surface coding.Table 5 defines how these fields map to codewords. TABLE 4 Fielddefinitions width field (bits) description per tag x coordinate 9 or 13The unsigned x coordinate of the tag allows maximum coordinate values ofapproximately 0.9 m and 14 m respectively. y coordinate 9 or 13 Theunsigned y coordinate of the tag allows maximum coordinate values ofapproximately 0.9 m and 14 m respectively active area flag 1 A flagindicating whether the area (the diameter of the area, centered on thetag, is nominally 5 times the diagonal size of the tag) immediatelysurrounding the tag intersects an active area. b′1′ indicatesintersection. data fragment flag 1 A flag indicating whether a datafragment is present (see next field). b′1′ indicates the presence of adata fragment. If the data fragment is present then the width of the xand y coordinate fields is 9. If it is absent then the width is 13. datafragment 0 or 8  A fragment of an embedded data stream. per tag group(i.e. per region) encoding format 8 The format of the encoding. 0: thepresent encoding Other values are reserved. region flags 8 Flagscontrolling the interpretation of region data. 0: region ID is an EPC 1:region has signature 2: region has embedded data 3: embedded data issignature Other bits are reserved and must be zero. tag size ID 8 The IDof the tag size. 0: the present tag size the nominal tag size is 1.7145mm, based on 1600 dpi, 9 dots per macrodot, and 12 macrodots per tagOther values are reserved. region ID 96 The ID of the region containingthe tags. signature 36 The signature of the region. high-ordercoordinate 4 The width of the high-order part of the x and y width (w)coordinates of the tag. high-order x coordinate 0 to 15 High-order partof the x coordinate of the tag expands the maximum coordinate values toapproximately 2.4 km and 38 km respectively high-order y coordinate 0 to15 High-order part of the y coordinate of the tag expands the maximumcoordinate values to approximately 2.4 km and 38 km respectively. CRC 16A CRC of tag group data.

An active area is an area within which any captured input should beimmediately forwarded to the corresponding Hyperlabel server forinterpretation. This also allows the Hyperlabel server to signal to theuser that the input has had an immediate effect. Since the server hasaccess to precise region definitions, any active area indication in thesurface coding can be imprecise so long as it is inclusive.

The width of the high-order coordinate fields, if non-zero, reduces thewidth of the signature field by a corresponding number of bits. Fullcoordinates are computed by prepending each high-order coordinate fieldto its corresponding coordinate field. TABLE 5 Mapping of fields tocodewords codeword field codeword bits field width bits A 12:0 xcoordinate 13 all 12:9 data fragment 4 3:0 25:13 y coordinate 13 all25:22 data fragment 4 7:4 26 active area flag 1 all 27 data fragmentflag 1 all B  7:0 encoding format 8 all 15:8 region flags 8 all 23:16tag size ID 8 all 39:24 CRC 16 all 43:40 high-order coordinate 4 3:0width (w) C 35:0 signature 36 all (35-w):(36-2w) high-order x coordinatew all 35:(36-w) high-order y coordinate w all 43:36 region ID 8 7:0 D43:0 region ID 44 51:8  E 43:0 region ID 44 95:52Embedded Data

If the “region has embedded data” flag in the region flags is set thenthe surface coding contains embedded data. The data is encoded inmultiple contiguous tags' data fragments, and is replicated in thesurface coding as many times as it will fit.

The embedded data is encoded in such a way that a random and partialscan of the surface coding containing the embedded data can besufficient to retrieve the entire data. The scanning system reassemblesthe data from retrieved fragments, and reports to the user whensufficient fragments have been retrieved without error.

As shown in Table 6, a 200-bit data block encodes 160 bits of data. Theblock data is encoded in the data fragments of a contiguous group of 25tags arranged in a 5×5 square. A tag belongs to a block whose integercoordinate is the tag's coordinate divided by 5. Within each block thedata is arranged into tags with increasing x coordinate withinincreasing y coordinate.

A data fragment may be missing from a block where an active area map ispresent. However, the missing data fragment is likely to be recoverablefrom another copy of the block.

Data of arbitrary size is encoded into a superblock consisting of acontiguous set of blocks arranged in a rectangle. The size of thesuperblock is encoded in each block. A block belongs to a superblockwhose integer coordinate is the block's coordinate divided by thesuperblock size. Within each superblock the data is arranged into blockswith increasing x coordinate within increasing y coordinate.

The superblock is replicated in the surface coding as many times as itwill fit, including partially along the edges of the surface coding.

The data encoded in the superblock may include more precise typeinformation, more precise size information, and more extensive errordetection and/or correction data. TABLE 6 Embedded data block fieldwidth description data type 8 The type of the data in the superblock.Values include: 0: type is controlled by region flags 1: MIME Othervalues are TBA. superblock width 8 The width of the superblock, inblocks. superblock height 8 The height of the superblock, in blocks.data 160 The block data. CRC 16 A CRC of the block data. total 200

It will be appreciated that any form of embedded data may be used,including for example, text, image, audio, video data, such as productinformation, application data, contact data, business card data, anddirectory data.

Region Signatures

If the “region has signature” flag in the region flags is set then thesignature field contains a signature with a maximum width of 36 bits.The signature is typically a random number associated with the region IDin a secure database. The signature is ideally generated using a trulyrandom process, such as a quantum process, or by distilling randomnessfrom random events.

In an online environment the signature can be validated, in conjunctionwith the region ID, by querying a server with access to the securedatabase.

If the “region has embedded data” and “embedded data is signature” flagsin the region flags are set then the surface coding contains a 160-bitcryptographic signature of the region ID. The signature is encoded in aone-block superblock.

In an online environment any number of signature fragments can be used,in conjunction with the region ID and optionally the random signature,to validate the signature by querying a server with knowledge of thefull signature or the corresponding private key.

In an offline (or online) environment the entire signature can berecovered by reading multiple tags, and can then be validated using thecorresponding public signature key.

Signature verification is discussed in more detail below.

Second Example Tag Structure

FIG. 21 shows the structure of a complete tag. Each of the six blackcircles is a target. The tag, and the overall pattern, has six-foldrotational symmetry at the physical level.

Each diamond-shaped region represents a symbol, and each symbolrepresents four bits of information.

FIG. 22 shows the structure of a symbol. It contains four macrodots,each of which represents the value of one bit by its presence (one) orabsence (zero).

The macrodot spacing is specified by the parameter s throughout thisdocument. It has a nominal value of 143 μm, based on 9 dots printed at apitch of 1600 dots per inch. However, it is allowed to vary by ±10%according to the capabilities of the device used to produce the pattern.

FIG. 23 shows an array of five adjacent symbols. The macrodot spacing isuniform both within and between symbols.

FIG. 24 shows the ordering of the bits within a symbol. Bit zero is theleast significant within a symbol; bit three is the most significant.Note that this ordering is relative to the orientation of the symbol.The orientation of a particular symbol within the tag is indicated bythe orientation of the label of the symbol in the tag diagrams. Ingeneral, the orientation of all symbols within a particular segment ofthe tag have the same orientation, consistent with the bottom of thesymbol being closest to the centre of the tag.

Only the macrodots are part of the representation of a symbol in thepattern. The diamond-shaped outline of a symbol is used in this documentto more clearly elucidate the structure of a tag. FIG. 25, by way ofillustration, shows the actual pattern of a tag with every bit set. Notethat, in practice, every bit of a tag can never be set.

A macrodot is nominally circular with a nominal diameter of ( 5/9)s.However, it is allowed to vary in size by ±10% according to thecapabilities of the device used to produce the pattern.

A target is nominally circular with a nominal diameter of ( 17/9)s.However, it is allowed to vary in size by +10% according to thecapabilities of the device used to produce the pattern.

The tag pattern is allowed to vary in scale by up to ±10% according tothe capabilities of the device used to produce the pattern. Anydeviation from the nominal scale is recorded in the tag data to allowaccurate generation of position samples.

Each symbol shown in the tag structure in FIG. 21 has a unique label.Each label consists an alphabetic prefix and a numeric suffix.

Tag Group

Tags are arranged into tag groups. Each tag group contains three tagsarranged in a line. Each tag therefore has one of three possible tagtypes according to its location within the tag group. The tag types arelabelled P, Q and R, as shown in FIG. 26.

FIG. 27 shows how tag groups are repeated in a continuous tiling oftags. The tiling guarantees the any set of three adjacent tags containsone tag of each type.

Orientation-Indicating Cyclic Position Code

The tag contains a 2³-ary (6,1) cyclic position codeword (this work iscurrently the subject of two pending US patent applications, entitled“Cyclic position codes” and “Orientation indicating cyclic positioncodes” with application Ser. Nos. 10/120,441 and 10/409,864,respectively) which can be decoded at any of the six possibleorientations of the tag to determine the actual orientation of the tag.Symbols which are part of the cyclic position codeword have a prefix of“R” and are numbered 0 to 5 in order of increasing significance.

The layout of the orientation-indicating cyclic position codeword isshown in FIG. 28.

The cyclic position codeword is (0,5,6,9,A₁₆,F₁₆). Note that it onlyuses six distinct symbol values, even though a four-bit symbol hassixteen possible values. During decoding, any unused symbol valueshould, if detected, be treated as an erasure. To maximise theprobability of low-weight bit error patterns causing erasures ratherthan symbol errors, the symbol values are chosen to be evenly-spaced onthe hypercube.

The minimum distance of the cyclic position code is 6, hence itserror-correcting capacity is two symbols in the presence of up to oneerasure, one symbol in the presence of two or three erasures, and nosymbols in the presence of four or more erasures.

Local Codeword

The tag locally contains one complete codeword, labelled A, which isused to encode information unique to the tag. The codeword is of apunctured 2⁴-ary (12,7) Reed-Solomon code. The tag therefore encodes upto 28 bits of information unique to the tag.

The layout of the local codeword is shown in FIG. 29.

Distributed Codewords

The tag also contains fragments of six codewords, labelled B through G,which are distributed across three adjacent tags and which are used toencode information common to a set of contiguous tags. Each codeword isof a punctured 2⁴-ary (12,7) Reed-Solomon code. Any three adjacent tagstherefore together encode up to 168 bits of information common to a setof contiguous tags.

The layout of the first four fragments of the six codewords B through Gin tag type P is shown in FIG. 30. The layout in the other tag typesfollows the layout in tag type P, with symbols 4 through 7 in tag typeQ, and fragments 8 through 11 in tag type Q.

The layout of the six complete codewords B through G, distributed acrossthe three tag types P, Q and R, is shown in FIG. 31.

As shown earlier in FIG. 27, the tiling guarantees the any set of threeadjacent tags contains one tag of each type, and therefore contains acomplete set of distributed codewords. The tag type, used to determinethe registration of the distributed codewords with respect to aparticular set of adjacent tags, is inferred from the x-y coordinateencoded in the local codeword of each tag.

Tag Segment Geometry

FIG. 32 shows the geometry of a tag segment.

FIG. 33 shows the spacing d between tag segments, required to maintainconsistent spacing between macrodots, where d is given by:d=(1−{square root}{square root over (3)}/2)s

FIG. 34 shows the effect of the inter-segment spacing d on targetposition. Compared with their nominal positions in relation toclosely-packed segments (i.e. with d=0), diagonal targets must bedisplaced by and horizontal targets must be displaced by(Δ_(x),Δ_(y))=(±2/{square root}{square root over (3)},0)d.Reed-Solomon Encoding

Codewords are encoded using a punctured 2⁴-ary (12,7) Reed-Solomon code.

A 2⁴-ary (12,7) Reed-Solomon code encodes 28 data bits (i.e. seven 4-bitsymbols) and 20 redundancy bits (i.e. five 4-bit symbols) in eachcodeword. Its error-detecting capacity is five symbols. Itserror-correcting capacity is two symbols.

As shown in FIG. 35, codeword coordinates are indexed in coefficientorder, and the data bit ordering follows the codeword bit ordering.

A punctured 2⁴-ary (12,7) Reed-Solomon code is a 2⁴-ary (15,7)Reed-Solomon code with three redundancy coordinates removed. The removedcoordinates are the most significant redundancy coordinates.

The code has the following primitive polynominal:p(x)=x ⁴ +x+1

The code has the following generator polynominal:g(x)=(x+α)(x+α ²) . . . (x+α ⁸)

For a detailed description of Reed-Solomon codes, refer to Wicker, S. B.and V. K. Bhargava, eds., Reed-Solomon Codes and Their Applications,IEEE Press, 1994.

Tag Coordinate Space

The tag coordinate space has two orthogonal axes labelled x and yrespectively. When the positive x axis points to the right then thepositive y axis points down.

The surface coding does not specify the location of the tag coordinatespace origin on a particular tagged surface, nor the orientation of thetag coordinate space with respect to the surface. This information isapplication-specific. For example, if the tagged surface is a sheet ofpaper, then the application which prints the tags onto the paper mayrecord the actual offset and orientation, and these can be used tonormalise any digital ink subsequently captured in conjunction with thesurface.

The position encoded in a tag is defined in units of tags. Tagcoordinates are arranged as shown in in FIG. 36, where the tag withcoordinate (0,0) is a P type tag. By convention, the position of a tagwith an even y coordinate is defined to be the position of the center ofthe tag. The position of a tag with an odd y coordinate is thereforedefined to be the position of the midpoint between the center of the tagand the center of its neighboring tag on the left.

Horizontal and vertical tag units, based on center-to-center tag tagspacings, are given by:$u_{x} = {{{4\left( {2\sqrt{3}s} \right)} + {2d}} \cong {14.1s}}$$u_{y} = {{{6\left( {2s} \right)} + {2\left( {d\frac{\sqrt{3}}{2}} \right)}} \cong {12.2s}}$where d is the inter-segment spacing given byd=(1−{square root}{square root over (3)}/2)s

If the three tag types P, Q and R are assigned values 0, 1 and 2respectively, then the type ^(t) of a tag is inferred from its (x,y)coordinate as follows. If y is even, then:t=xmodulo 3if y is odd, then:t=(x−1)modulo 3Tag Information Content

Table 7 defines the information fields embedded in the surface coding.Table 8 defines how these fields map to codewords. TABLE 7 FieldDefinitions Field width description per tag X 10 The unsigned xcoordinate of the tag allows a coordinate maximum x coordinate value ofapproximately 2.1 m (based on EQ 4). Y 10 The unsigned y coordinate ofthe tag allows a coordinate maximum y coordinate value of approximately1.8 m (based on EQ 5. active 1 A flag indicating whether the tag is amember of an area flag active area. b′1′ indicates membership. activearea 1 A flag indicating whether an active area map is map flag present.b′1′ indicates the presence of a map (see next field). If the map isabsent then the value of each map entry is derived from the active areaflag (see previous field). active 6 A map of which of the tag'simmediate six area map neighbours are members of an active area. b′1′indicates membership - FIG. 37 indicates the bit ordering of the mapdata 6 A fragment of an embedded data stream. Only fragment present ifthe active area map is absent. per tag group encoding 12 The format ofthe encoding. format 0: the present encoding Other values are TBA.macrodot 16 The difference between the actual macrodot spacing spacingand the nominal macrodot spacing, in nm units, in adjustmentsign-magnitude format - the nominal macrodot spacing is 142875 nm (basedon 1600 dpi and 9 dots per macrodot) region 12 Flags controlling theinterpretation and routing of flags region-related information. 0:region ID is an EPC 1: region is linked 2: region is interactive 3:region is signed 4: region includes data 5: region relates to mobileapplication Other bits are reserved and must be zero. region ID 112 TheID of the region containing the tags. CRC 16 A CRC (CCITT CRC-16) of taggroup data.

The active area map indicates whether the corresponding tags are membersof an active area. An active area is an area within which any capturedinput should be immediately forwarded to the corresponding Hyperlabelserver for interpretation. It also allows the Hyperlabel sensing deviceto signal to the user that the input will have an immediate effect.TABLE 8 Mapping of fields to codewords codeword field field codewordbits width bits field A  9:0 10 all x coordinate 19:10 10 all ycoordinate 20 1 all active area flag 21 1 all active area map flag 27:226 all active area map 27:22 6 all data fragment B 11:0 12 all Encodingformat 27:12 16 all Macrodot spacing adjustment C 11:0 12 all regionflags 27:12 16 27:12 region ID D 27:0 28 55:28 E 27:0 28 83:56 F 27:0 28111:84  G 11:0 12 11:0  27:12 16 all CRCEmbedded Data If the “region includes data” flag in the region flags isset then the surface coding contains embedded data. The data is encodedin multiple contiguous tags' data fragments, and is replicated in thesurface coding as many times as it will fit.

The embedded data is encoded in such a way that a random and partialscan of the surface coding containing the embedded data can besufficient to retrieve the entire data. The scanning system reassemblesthe data from retrieved fragments, and reports to the user whensufficient fragments have been retrieved without error.

As shown in Table 9, a 216-bit data block encodes 160 bits of data.TABLE 9 Embedded data block field width Description data type 16 Thetype of the data in the superblock. Values include: 0: type iscontrolled by region flags 1: MIME Other values are TBA. superblockwidth 12 The width of the superblock, in blocks. superblock height 12The height of the superblock, in blocks. data 160 The block data. CRC 16A CRC of the block data. total 216

The block data is encoded in the data fragments of a contiguous group of36 tags arranged in a 6×6 square as shown in FIG. 38. A tag belongs to ablock whose integer x and y coordinates are the tag's x and ycoordinates divided by 6. Within each block the data is arranged intotags with increasing x coordinate within increasing y coordinate.

A data fragment may be missing from a block where an active area map ispresent. However, the missing data fragment is likely to be recoverablefrom another copy of the block.

Data of arbitrary size is encoded into a superblock consisting of acontiguous set of blocks arranged in a rectangle. The size of thesuperblock is encoded in each block. A block belongs to a superblockwhose integer coordinate is the block's coordinate divided by thesuperblock size. Within each superblock the data is arranged into blockswith increasing x coordinate within increasing y coordinate.

The superblock is replicated in the surface coding as many times as itwill fit, including partially along the edges of the surface coding.

The data encoded in the superblock may include more precise typeinformation, more precise size information, and more extensive errordetection and/or correction data.

General Considerations

Cryptographic Signature of Region ID

If the “region is signed” flag in the region flags is set then thesurface coding contains a 160-bit cryptographic signature of the regionID. The signature is encoded in a one-block superblock.

In an online environment any signature fragment can be used, inconjunction with the region ID, to validate the signature. In an offlineenvironment the entire signature can be recovered by reading multipletags, and can then be validated using the corresponding public signaturekey.

Mime Data

If the embedded data type is “MIME” then the superblock containsMultipurpose Internet Mail Extensions (MIME) data according to RFC 2045(Freed, N., and N. Borenstein, “Multipurpose Internet Mail Extensions(MIME)—Part One: Format of Internet Message Bodies”, RFC 2045, November1996), RFC 2046 (Freed, N., and N. Borenstein, “Multipurpose InternetMail Extensions (MIME)—Part Two: Media Types”, RFC 2046, November 1996)and related RFCs. The MIME data consists of a header followed by a body.The header is encoded as a variable-length text string preceded by an8-bit string length. The body is encoded as a variable-lengthtype-specific octet stream preceded by a 16-bit size in big-endianformat.

The basic top-level media types described in RFC 2046 include text,image, audio, video and application.

RFC 2425 (Howes, T., M. Smith and F. Dawson, “A MIME Content-Type forDirectory Information”, RFC 2045, September 1998) and RFC 2426 (Dawson,F., and T. Howes, “vCard MIME Directory Profile”, RFC 2046, September1998) describe a text subtype for directory information suitable, forexample, for encoding contact information which might appear on abusiness card.

Encoding and Printing Considerations

The Print Engine Controller (PEC) (which is the subject of a number ofpending US patent applications, including: Ser. Nos. 09/575,108;10/727,162; 09/575,110; 09/607,985; U.S. Pat. No. 6,398,332; 6,394,573;6,622,923) supports the encoding of two fixed (per-page) 2⁴-ary (15,7)Reed-Solomon codewords and four variable (per-tag) 2⁴-ary (15,7)Reed-Solomon codewords, although other numbers of codewords can be usedfor different schemes.

Furthermore, PEC supports the rendering of tags via a rectangular unitcell whose layout is constant (per page) but whose variable codeworddata may vary from one unit cell to the next. PEC does not allow unitcells to overlap in the direction of page movement.

A unit cell compatible with PEC contains a single tag group consistingof four tags. The tag group contains a single A codeword unique to thetag group but replicated four times within the tag group, and fourunique B codewords. These can be encoded using five of PEC's sixsupported variable codewords. The tag group also contains eight fixed Cand D codewords. One of these can be encoded using the remaining one ofPEC's variable codewords, two more can be encoded using PEC's two fixedcodewords, and the remaining five can be encoded and pre-rendered intothe Tag Format Structure (TFS) supplied to PEC.

PEC imposes a limit of 32 unique bit addresses per TFS row. The contentsof the unit cell respect this limit. PEC also imposes a limit of 384 onthe width of the TFS. The contents of the unit cell respect this limit.

Note that for a reasonable page size, the number of variable coordinatebits in the A codeword is modest, making encoding via a lookup tabletractable. Encoding of the B codeword via a lookup table may also bepossible. Note that since a Reed-Solomon code is systematic, only theredundancy data needs to appear in the lookup table.

Imaging and Decoding Considerations

The minimum imaging field of view required to guarantee acquisition ofan entire tag has a diameter of 39.6s, i.e.(2×(12+2)){square root}{square root over (2)}sallowing for arbitrary alignment between the surface coding and thefield of view. Given a macrodot spacing of 143 μm, this gives a requiredfield of view of 5.7 mm.

Table 10 gives pitch ranges achievable for the present surface codingfor different sampling rates, assuming an image sensor size of 128pixels. TABLE 10 Pitch ranges achievable for present surface coding fordifferent sampling rates, computed using Optimize Hyperlabel Optics; dotpitch = 1600 dpi, macrodot pitch = 9 dots, viewing distance = 30 mm,nib-to-FOV separation = 1 mm, image sensor size = 128 pixels samplingrate pitch range 2 −40 to +49 2.5 −27 to +36 3 −10 to +18

For the surface coding of the first example, the corresponding decodingsequence is as follows:

-   -   locate targets of complete tag    -   infer perspective transform from targets    -   sample and decode any one of tag's four codewords    -   determine codeword type and hence tag orientation    -   sample and decode required local (A and B) codewords    -   codeword redundancy is only 12 bits, so only detect errors    -   on decode error flag bad position sample    -   determine tag x-y location, with reference to tag orientation    -   infer 3D tag transform from oriented targets    -   determine nib x-y location from tag x-y location and 3D        transform    -   determine active area status of nib location with reference to        active area map    -   generate local feedback based on nib active area status    -   determine tag type from A codeword    -   sample and decode required global (C and D) codewords (modulo        window alignment, with reference to tag type)    -   although codeword redundancy is only 12 bits, correct errors;        subsequent CRC verification will detect erroneous error        correction    -   verify tag group data CRC    -   on decode error flag bad region ID sample    -   determine encoding type, and reject unknown encoding    -   determine region flags    -   determine region ID    -   encode region ID, nib x-y location, nib active area status in        digital ink    -   route digital ink based on region flags

Note that region ID decoding need not occur at the same rate as positiondecoding.

Note that decoding of a codeword can be avoided if the codeword is foundto be identical to an already-known good codeword.

For the surface coding of the alternative first example, thecorresponding decoding sequence is as follows:

-   -   locate targets of complete tag    -   infer perspective transform from targets    -   sample cyclic position code    -   decode cyclic position code    -   determine orientation from cyclic position code    -   sample and decode local Reed-Solomon codeword    -   determine tag x-y location    -   infer 3D tag transform from oriented targets    -   determine nib x-y location from tag x-y location and 3D        transform    -   determine active area status of nib location with reference to        active area map    -   generate local feedback based on nib active area status        determine tag type    -   sample distributed Reed-Solomon codewords (modulo window        alignment, with reference to tag type)    -   decode distributed Reed-Solomon codewords    -   verify tag group data CRC    -   on decode error flag bad region ID sample    -   determine encoding type, and reject unknown encoding    -   determine region flags    -   determine region ID    -   encode region ID, nib x-y location, nib active area status in        digital ink    -   route digital ink based on region flags

Region ID decoding need not occur at the same rate as position decodingand decoding of a codeword can be avoided if the codeword is found to beidentical to an already-known good codeword.

If the high-order coordinate width is non-zero, then special care mustbe taken on boundaries between tags where the low-order x or ycoordinate wraps, otherwise codeword errors may be introduced. Ifwrapping is detected from the low-order x or y coordinate (i.e. itcontains all zero bits or all one bits), then the correspondinghigh-order coordinate can be adjusted before codeword decoding. In theabsence of genuine symbol errors in the high-order coordinate, this willprevent the inadvertent introduction of codeword errors.

Expanded Tag

The tag can be expanded to increase its data capacity by addingadditional bands of symbols about its circumference. This appendixdescribes an expanded tag with one additional band of symbols. While thetag described in the main part of the document has a raw capacity of 36symbols, the expanded tag has a raw capacity of 60 symbols.

The capacity of the expanded tag is precisely sufficient to allow theinclusion of a complete 160-bit digital signature in each tag group.This allows complete digital signature verification on a “single-click”interaction with the surface coding.

Tag Structure

FIG. 39 shows the structure of a complete (P type) expanded tag. Apartfrom the additional band of symbols and the related change in thepositions of the targets, it has a similar physical structure to the tagdescribed earlier.

In the expanded tag the macrodot spacing ^(s) has a nominal value of 111μm, based on 7 dots printed at a pitch of 1600 dots per inch.

A macrodot is nominally circular with a nominal diameter of ( 3/7)s.

A target is nominally circular with a nominal diameter of ( 10/7)s.

The expanded tag, like the tag described earlier, also participates in atag group, and each expanded tag has one of the three possible tag typesP, Q and R.

The expanded tag, like the tag described earlier, contains anorientation-indicating cyclic position code.

Local Codeword

The expanded tag locally contains one complete codeword which is used toencode information unique to the tag. The codeword is of a punctured2⁴-ary (12,7) Reed-Solomon code. The tag therefore encodes up to 28 bitsof information unique to the tag.

The layout of the local codeword is shown in FIG. 40.

Distributed Codewords

The expanded tag contains fragments of twelve codewords, labelled Bthrough M, which are distributed across three adjacent tags and whichare used to encode information common to a set of contiguous tags. Eachcodeword is of a punctured 2⁴-ary (12,7) Reed-Solomon code. Any threeadjacent tags therefore together encode up to 336 bits of informationcommon to a set of contiguous tags.

The layout of the first four fragments of the six codewords B through Gin tag type P is shown in FIG. 41. The layout in the other tag typesfollows the layout in tag type P, with symbols 4 through 7 in tag typeQ, and fragments 8 through 11 in tag type Q.

The layout of the first four fragments of the six codewords H through Min tag type P is shown in FIG. 42. The layout in the other tag typesfollows the layout in tag type P, with symbols 4 through 7 in tag typeQ, and fragments 8 through 11 in tag type Q.

As shown earlier in FIG. 37, the tiling guarantees the any set of threeadjacent tags contains one tag of each type, and therefore contains acomplete set of distributed codewords. The tag type, used to determinethe registration of the distributed codewords with respect to aparticular set of adjacent tags, is inferred from the x-y coordinateencoded in the local codeword of each tag.

Tag Coordinate Space

The tag coordinate space encoded in the expanded tag is identical tothat encoded in the tag described earlier, with the exception that tagunits are different (due both to the change in tag structure and thechange in macrodot spacing).

Horizontal and vertical tag units, based on center-to-center tag tagspacings, are given by:$u_{x} = {{{5\left( {2\sqrt{3}s} \right)} + {2d}} \cong {17.6s}}$$u_{y} = {{{7.5\left( {2s} \right)} + {2\left( {d\frac{\sqrt{3}}{2}} \right)}} \cong {15.2s}}$where d is the inter-segment spacing given byd=(1−{square root}{square root over (3)}/2)sTag Information Content

Table 11 defines the information fields embedded in the expanded tagsurface coding. Table 12 defines how these fields map to codewords.TABLE 11 Field definitions Field width description per tag x coordinate10 The unsigned x coordinate of the tag - allows a maximum x coordinatevalue of approximately 2.0 m (based on EQ 8). y coordinate 10 Theunsigned y coordinate of the tag - allows a maximum y coordinate valueof approximately 1.7 m (based on EQ 9) active area flag 1 A flagindicating whether the tag is a member of an active area. b′1′ indicatesmembership. active area map flag 1 A flag indicating whether an activearea map is present. b′1′ indicates the presence of a map (see nextfield). If the map is absent then the value of each map entry is derivedfrom the active area flag (see previous field). active area map 6 A mapof which of the tag's immediate six neighbours are members of an activearea. b′1′ indicates membership - FIG. 37 indicates the bit ordering ofthe map data fragment 6 A fragment of an embedded data stream. Onlypresent if the active area map is absent. per tag group encoding format12 The format of the encoding. Refer to Table 5 for values. macrodotspacing adjustment 16 The difference between the actual macrodot spacingand the nominal macrodot spacing, in nm units, in sign- magnitudeformat - the nominal macrodot spacing is 111125 nm (based on 1600 dpiand 7 dots per macrodot region flags 12 Flags controlling theinterpretation and routing of region- related information. Refer toTable 5 for values. region ID 112 The ID of the region containing thetags. Signature 160 A digital signature of the region ID. CRC 16 A CRC(CCITT CRC-16) of tag group data.

TABLE 12 Mapping of fields to codewords codeword field field codewordbits width bits field A  9:0 10 all x coordinate  19:10 10 all ycoordinate 20 1 all active area flag 21 1 all active area map flag 27:22 6 all active area map  27:22 6 all data fragment B 11:0 12 allencoding format  27:12 16 all macrodot spacing adjustment C 11:0 12 allregion flags  27:12 16 27:12 region ID D 27:0 28 55:28 E 27:0 28 83:56 F27:0 28 111:84  G 11:0 12 11:0   27:12 16 all CRC H 27:0 28 27:0 signature I 27:0 28 55:28 J 27:0 28 83:56 K 27:0 28 111:84  L 27:0 28139:112 M 19:0 20 159:140  27:20 8 all unusedEncoding and Printing Considerations

The tag group unit cell of the expanded tag only respects PEC's TFSwidth limit if the macrodot spacing is reduced from 9 to 7 dots, asreflected in the macrodot spacing ^(s) of 111 μm.

Imaging and Decoding Considerations

The minimum imaging field of view required to guarantee acquisition ofan entire expanded tag has a diameter of 44s i.e.2(1+8+2)2s),allowing for arbitrary alignment between the surface coding and thefield of view. Given a macrodot spacing of 111 μm this gives a requiredfield of view of approximately 4.0 mm.Surface Coding SecuritySecurity Requirements

Item security can be defined to have two related purposes:

-   -   to allow authentication of an item    -   to prevent forgery of an item

The greater the difficulty of forgery, the greater the trustworthinessof authentication. When an item is coded, Hyperlabel surface codingsecurity has two corresponding purposes:

-   -   to allow authentication of a coded item    -   to prevent forgery of a coded item with a novel item ID

If a user is able to determine the authenticity of the surface coding ofan item, then the user may be able to make an informed decision aboutthe likely authenticity of the item.

If it is intractable to forge the surface coding for a novel ID, thenthe only tractable way of forging an item with an authentic surfacecoding is to duplicate the surface coding of an existing item (and henceits ID). If the user is able to determine by other means that the ID ofan item is likely to be unique, then the user may assume that the itemis authentic.

Since the Hyperlabel surface coding allows meaningful interactionbetween a sensing device and a coded surface during a purely localinteraction, it is desirable for the surface coding to supportauthentication during a similarly local interaction, i.e. withoutrequiring an increase in the size of the sensing device field of view.

Since no a priori relationship exists between creators of authenticcoded items and users potentially wishing to authenticate such items, itis undesirable to require a trust relationship between creators andusers. For example, it is undesirable to require that creators sharesecret signature keys with users.

It is reasonable for many users to rely on online access to anauthenticator trusted by a creator for the purposes of authenticatingitems. Conversely, it is desirable to allow authentication to take placein the absence of online access.

Security Discussion

As described above, authentication relies on verifying thecorrespondence between data and a signature of that data.

The greater the difficulty in forging a signature, the greater thetrustworthiness of signature-based authentication.

The item ID is unique and therefore provides a basis for a signature. Ifonline authentication access is assumed, then the signature may simplybe a random number associated with the item ID in an authenticationdatabase accessible to the trusted online authenticator. The randomnumber may be generated by any suitable method, such as via adeterministic (pseudo-random) algorithm, or via a stochastic physicalprocess. A keyed hash or encrypted hash may be preferable to a randomnumber since it requires no additional space in the authenticationdatabase. However, a random signature of the same length as a keyedsignature is more secure than the keyed signature since it is notsusceptible to key attacks. Equivalently, a shorter random signatureconfers the same security as a longer keyed signature.

In the limit case no signature is actually required, since the merepresence of the item ID in the database indicates authenticity. However,the use of a signature limits a forger to forging items he has actuallysighted.

To prevent forgery of a signature for an unsighted ID, the signaturemust be large enough to make exhaustive search via repeated accesses tothe online authenticator intractable. If the signature is generatedusing a key rather than randomly, then its length must also be largeenough to prevent the forger from deducing the key from knownID-signature pairs. Signatures of a few hundred bits are consideredsecure, whether generated using private or secret keys.

While it may be practical to include a reasonably secure randomsignature in a tag (or local tag group), particularly if the length ofthe ID is reduced to provide more space for the signature, it may beimpractical to include a secure ID-derived signature in a tag. Tosupport a secure ID-derived signature, we can instead distributefragments of the signature across multiple tags. If each fragment can beverified in isolation against the ID, then the goal of supportingauthentication without increasing the sensing device field of view isachieved. The security of the signature can still derive from the fulllength of the signature rather than from the length of a fragment, sincea forger cannot predict which fragment a user will randomly choose toverify. A trusted authenticator can always perform fragment verificationsince they have access to the key and/or the full stored signature, sofragment verification is always possible when online access to a trustedauthenticator is available.

Fragment verification requires that we prevent brute force attacks onindividual fragments, otherwise a forger can determine the entiresignature by attacking each fragment in turn. A brute force attack canbe prevented by throttling the authenticator on a per-ID basis. However,if fragments are short, then extreme throttling is required. As analternative to throttling the authenticator, the authenticator caninstead enforce a limit on the number of verification requests it iswilling to respond to for a given fragment number. Even if the limit ismade quite small, it is unlikely that a normal user will exhaust it fora given fragment, since there will be many fragments available and theactual fragment chosen by the user can vary. Even a limit of one can bepractical. More generally, the limit should be proportional to the sizeof the fragment, i.e. the smaller the fragment the smaller the limit.Thus the experience of the user would be somewhat invariant of fragmentsize. Both throttling and enforcing fragment verification limits implyserialisation of requests to the authenticator. A fragment verificationlimit need only be imposed once verification fails, i.e. an unlimitednumber of successful verifications can occur before the first failure.Enforcing fragment verification limits further requires theauthenticator to maintain a per-fragment count of satisfied verificationrequests.

A brute force attack can also be prevented by concatenating the fragmentwith a random signature encoded in the tag. While the random signaturecan be thought of as protecting the fragment, the fragment can also bethought of as simply increasing the length of the random signature andhence increasing its security. A fragment verification limit can makeverification subject to a denial of service attack, where an attackerdeliberately exceeds the limit with invalid verification request inorder to prevent further verification of the item ID in question. Thiscan be prevented by only enforcing the fragment verification limit for afragment when the accompanying random signature is correct.

Fragment verification may be made more secure by requiring theverification of a minimum number of fragments simultaneously.

Fragment verification requires fragment identification. Fragments may beexplicitly numbered, or may more economically be identified by thetwo-dimensional coordinate of their tag, modulo the repetition of thesignature across a continuous tiling of tags.

The limited length of the ID itself introduces a further vulnerability.Ideally it should be at least a few hundred bits. In the netpage surfacecoding scheme it is 96 bits or less. To overcome this the ID may bepadded. For this to be effective the padding must be variable, i.e. itmust vary from one ID to the next. Ideally the padding is simply arandom number, and must then be stored in the authentication databaseindexed by ID. If the padding is deterministically generated from the IDthen it is worthless.

Offline authentication of secret-key signatures requires the use of atrusted offline authentication device. The QA chip (which is the subjectof a number of pending US patent applications, including Ser. Nos.09/112,763; 09/112,762; 09/112,737; 09/112,761; 09/113,223) provides thebasis for such a device, although of limited capacity. The QA chip canbe programmed to verify a signature using a secret key securely held inits internal memory. In this scenario, however, it is impractical tosupport per-ID padding, and it is impractical even to support more thana very few secret keys. Furthermore, a QA chip programmed in this manneris susceptible to a chosen-message attack. These constraints limit theapplicability of a QA-chip-based trusted offline authentication deviceto niche applications.

In general, despite the claimed security of any particular trustedoffline authentication device, creators of secure items are likely to bereluctant to entrust their secret signature keys to such devices, andthis is again likely to limit the applicability of such devices to nicheapplications.

By contrast, offline authentication of public-key signatures (i.e.generated using the corresponding private keys) is highly practical. Anoffline authentication device utilising public keys can trivially holdany number of public keys, and may be designed to retrieve additionalpublic keys on demand, via a transient online connection, when itencounters an ID for which it knows it has no corresponding publicsignature key. Untrusted offline authentication is likely to beattractive to most creators of secure items, since they are able toretain exclusive control of their private signature keys.

A disadvantage of offline authentication of a public-key signature isthat the entire signature must be acquired from the coding, violatingour desire to support authentication with a minimal field of view. Acorresponding advantage of offline authentication of a public-keysignature is that access to the ID padding is no longer required, sincedecryption of the signature using the public signature key generatesboth the ID and its padding, and the padding can then be ignored. Aforger can not take advantage of the fact that the padding is ignoredduring offline authentication, since the padding is not ignored duringonline authentication.

Acquisition of an entire distributed signature is not particularlyonerous. Any random or linear swipe of a hand-held sensing device acrossa coded surface allows it to quickly acquire all of the fragments of thesignature. The sensing device can easily be programmed to signal theuser when it has acquired a full set of fragments and has completedauthentication. A scanning laser can also easily acquire all of thefragments of the signature. Both kinds of devices may be programmed toonly perform authentication when the tags indicate the presence of asignature.

Note that a public-key signature may be authenticated online via any ofits fragments in the same way as any signature, whether generatedrandomly or using a secret key. The trusted online authenticator maygenerate the signature on demand using the private key and ID padding,or may store the signature explicitly in the authentication database.The latter approach obviates the need to store the ID padding.

Note also that signature-based authentication may be used in place offragment-based authentication even when online access to a trustedauthenticator is available.

Table 13 provides a summary of which signature schemes are workable inlight of the foregoing discussion. TABLE 13 Summary of workablesignature schemes encoding acquisition signature online offline in tagsfrom tags generation authentication authentication Local full random okImpractical to store per ID information secret key Signature tooUndesirable to short to be store secret secure keys private Signaturetoo key short to be secure Distributed fragment(s) random okimpractical^(b) secret key ok impractical^(c) private ok impractical^(b)key full random ok impractical^(b) secret key ok impractical^(c) privateok ok keySecurity Specification

FIG. 43 shows an example item signature object model.

An item has an ID (X) and other details (not shown). It optionally has asecret signature (Z). It also optionally has a public-key signature. Thepublic-key signature records the signature (S) explicitly, and/orrecords the padding (P) used in conjunction with the ID to generate thesignature. The public-key signature has an associated public-private keypair (K, L). The key pair is associated with a one or more ranges ofitem IDs.

Typically issuers of security documents and pharmaceuticals will utilisea range of IDs to identify a range of documents or the like. Followingthis, the issuer will then use these details to generate respective IDsfor each item, or document to be marked.

Authentication of the product can then be performed online or offline bysensing the tag data encoded within the tag, and performing theauthentication using a number of different mechanisms depending on thesituation.

Examples of the processes involved will now be described for public andprivate key encryption respectively.

Authentication Based on Public-Key Signature

Setup Per ID Range:

-   -   generate public-private signature key pair (K, L)    -   store key pair (K, L) indexed by ID range        Setup Per ID:    -   generate ID padding (P)    -   retrieve private signature key (L) by ID (X)    -   generate signature (S) by encrypting ID (X) and padding (P)        using private key (L):        S←E _(L)(X,P)    -   store signature (S) in database indexed by ID (X) (and/or store        padding (P))    -   encode ID (X) in all tag groups    -   encode signature (S) across multiple tags in repeated fashion        Online Fragment-Based Authentication (User):    -   acquire ID (X) from tags    -   acquire position (x, y)_(i) and signature fragment (T_(i)) from        tag    -   generate fragment number (i) from position (x, y)_(i):        i←F[(x,y)_(i)]    -   look up trusted authenticator by ID (X)    -   transmit ID (X), fragment (S_(i)) and fragment number (i) to        trusted authenticator        Online Fragment-Based Authentication (Trusted Authenticator):    -   receive ID (X), fragment (S_(i)) and fragment number (i) from        user    -   retrieve signature (S) from database by ID (X) (or re-generate        signature)    -   compare received fragment (T_(i)) with corresponding fragment of        signature (S_(i))    -   report authentication result to user        Offline Signature-Based Authentication (User):    -   acquire ID from tags (X)    -   acquire positions (x, y)_(i) and signature fragments (T_(i))        from tag    -   generate fragment numbers (i) from positions (x, y)_(i):        ←F[(x,y)]        S←S ₀ |S ₁ | . . . S _(n-1)    -   generate signature (S) from (n) fragments:    -   retrieve public signature key (K) by ID (X)    -   decrypt signature (S) using public key (K) to obtain ID (X′) and        padding (P′):        X′|P′←D _(K)(S)    -   compare acquired ID (X) with decrypted ID (X′)    -   report authentication result to user        Authentication Based on Secret-Key Signature        Setup Per ID:    -   generate secret (Z)    -   store secret (Z) in database indexed by ID (X)    -   encode ID (X) and secret (Z) in all tag groups        Online Secret-Based Authentication (User):    -   acquire ID (X) from tags    -   acquire secret (Z′) from tags    -   look up trusted authenticator by ID    -   transmit ID (X) and secret (Z) to trusted authenticator        Online Secret-Based Authentication (Trusted Authenticator):    -   receive ID (A) and secret (Z) from user    -   retrieve secret (Z) from database by ID (X)    -   compared received secret (Z′) with secret (Z)    -   report authentication result to user

As discussed earlier, secret-based authentication may be used inconjunction with fragment-based authentication.

Cryptographic Algorithms

When the public-key signature is authenticated offline, the user'sauthentication device typically does not have access to the padding usedwhen the signature was originally generated. The signature verificationstep must therefore decrypt the signature to allow the authenticationdevice to compare the ID in the signature with the ID acquired from thetags. This precludes the use of algorithms which don't perform thesignature verification step by decrypting the signature, such as thestandard Digital Signature Algorithm U.S. Department ofCommerce/National Institute of Standards and Technology, DigitalSignature Standard (DSS), FIPS 186-2, 27 Jan. 2000.

RSA Encryption is Described in:

-   -   Rivest, R. L., A. Shamír, and L. Adleman, “A Method for        Obtaining Digital Signatures and Public-Key Cryptosystems”,        Communications of the ACM, Vol. 21, No. 2, February 1978, pp.        120-126    -   Rivest, R. L., A. Shamir, and L. M. Adleman, “Cryptographic        communications system and method”, U.S. Pat. No. 4,405,829,        issued 20 Sep. 1983    -   RSA Laboratories, PKCS #1 v2.0: RSA Encryption Standard, Oct. 1,        1998

RSA provides a suitable public-key digital signature algorithm thatdecrypts the signature. RSA provides the basis for the ANSI X9.31digital signature standard American National Standards Institute, ANSIX9.31-1998, Digital Signatures Using Reversible Public Key Cryptographyfor the Financial Services Industry (rDSA), Sep. 8, 1998. If no paddingis used, then any public-key signature algorithm can be used.

In the Hyperlabel surface coding scheme the ID is 96 bits long or less.It is padded to 160 bits prior to being signed.

The padding is ideally generated using a truly random process, such as aquantum process [14,15], or by distilling randomness from random eventsSchneier, B., Applied Cryptography, Second Edition, John Wiley & Sons1996.

In the Hyperlabel surface coding scheme the random signature, or secret,is 36 bits long or less. It is also ideally generated using a trulyrandom process. If a longer random signature is required, then thelength of the item ID in the surface coding can be reduced to provideadditional space for the signature.

Security Tagging and Tracking

Currency, checks and other monetary documents can be tagged in order todetect currency counterfeiting and counter money laundering activities.The Hyperlabel tagged currency can be validated, and tracked through themonetary system. Hyperlabel tagged products such as pharmaceuticals canbe tagged allowing items to be validated and tracked through thedistribution and retail system.

A number of examples of the concepts of Hyperlabel security tagging andtracking referring specifically to bank notes and pharmaceuticals,however Hyperlabel tagging can equally be used to securely tag and trackother products, for example, traveller's checks, demand deposits,passports, chemicals etc.

Hyperlabel tagging, with the netpage system, provides a mechanism forsecurely validating and tracking objects.

Hyperlabel tags on the surface of an object uniquely identify theobject. Each Hyperlabel tag contains information including the object'sunique ID, and the tag's location on the Hyperlabel tagged surface. AHyperlabel tag also contains a signature fragment which can be used toauthenticate the object. A scanning laser or image sensor can read thetags on any part of the object to identify the object, validate theobject, and allow tracking of the object.

Currency Tagging

Currency may be tagged with Hyperlabels in order to detectcounterfeiting and allow tracking of currency movement. Hyperlabel tagscan be printed over the entire bank note surface or can be printed in asmaller region of the note. Hyperlabel tagging can be used in additionto other security features such as holograms, foil strips,colour-shifting inks etc. A scanning laser or image sensor can read thetags on any part of the note to validate each individual note.

A Hyperlabel currency tag identifies the note currency, issue country,and note denomination. It also identifies the note's serial number, thenote side (i.e. front or back), and it may contain other information(for example, the exact printing works where the note was printed).There are two note IDs for each physical bank note—one for each side ofthe note.

Each time a note is scanned its location is recorded. This locationinformation can be collected in a central database allowing analysis andidentification of abnormal money movements and detection of counterfeitnotes. For example, in the case of sophisticated forgeries whereHyperlabel dot patterns are exactly duplicated, there will be multiplecopies of exactly forged notes (at a minimum, the original and theforgery). If multiple identical notes appear in different places at thesame time, all but one of the notes must be a forgery. All can then betreated as suspect.

Hyperlabel currency tags can be read by any Hyperlabel scanner. Thesescanners can be incorporated into a variety of devices to facilitateauthentication and tracking, for example, automated teller machines,currency counters, and vending machines. Scanners may also beincorporated into devices such as:

-   -   Currency counters    -   Automated teller machines    -   Cash registers    -   POS checkouts    -   Mobile phone with inbuilt scanner    -   Netpage pens    -   Vending machines    -   Hyperlabel Supermarket Checkout    -   Mobile Phone with Inbuilt Scanner    -   Handheld Validity Scanner

Such scanners are multi-purpose since they can also be used to scanHyperlabelled consumer goods and printed materials. A small hand-heldscanner may also be used to scan and validate currency. When a scannerscans a note it notifies the currency server of the note details, thecurrent date and time, and the scanner location (if known). Optionallythe scanner may also send the identity of the person making the cashtransaction, if known. This information would be available in respect ofbank transactions, currency exchanges and large cash transactions.

Currency tagging is discussed in further detail in copending patentapplication number [we will need to include a docket number herefor thecurrency specific application]

Pharmaceutical Tagging

Hyperlabel tags can be printed over the entire surface of thepharmaceutical packaging, or only on a smaller area of the packaging. AHyperlabel pharmaceutical tag contains the item's product ID and aserial number, to uniquely identify an individual item. The product IDidentifies the item's National Drug Code (NDC) number. The NDC number isallocated and administered by the FDA (U.S. Food and DrugAdministration) for drugs and drug-related items and identifies theproduct and manufacturer. Alternatively the tag may contain anotherproduct ID code, such as the European International Article Numbering(EAN) code, or EPC etc.

The pharmaceutical ID can be read by a scanner and used to look updetails of the item's lot number and expiry date. Alternatively the lotnumber and expiry date may be contained in the pharmaceutical tag toallow off-line retrieval of this information by any scanner. Thepharmaceutical ID may also be used to access details such as dosage andadministration information, drug interactions, precautions,contraindications, product warnings, recall information, place ofmanufacture etc.

Each time a pharmaceutical item is scanned its location is recorded.This location information can be collected in a central databaseallowing analysis and identification of abnormal product movements anddetection of counterfeit pharmaceuticals.

Suitable scanners can include:

-   -   Cash registers    -   POS checkouts    -   Mobile phone with inbuilt scanner    -   Netpage pens    -   Vending machines

Pharmaceutical tagging is discussed in further detail in copendingpatent application number [we will need to include a docket number herefor the currency specific application]

Tracking

For the purpose of tracking and item validation the manufacturer, orother central authority, maintains a database which tracks the locationand status of all items.

Hyperlabel scanners can be built into a variety of devices. Scanners maybe fixed or mobile. A fixed scanner has a permanent, known location. Amobile scanner has no fixed location. A scanner may be on-line, i.e.have immediate access to the central database, or it may be off-line.

Scanners may be specific to a particular product application, such as acurrency counter, or may be a generic Hyperlabel scanner. Hyperlabelscanners may be embedded in other multi-function devices, for example, amobile phone or PDA.

A central database maintains up-to-date information on valid object IDs,an object ID hotlist (for all suspect object IDs), and a list of publickeys corresponding to object IDs. The central server also maintains anobject scanning history to track an object's movements. Each time anobject is scanned, its timestamped location is recorded. If known, thedetails of the object owner may also be recorded. This information maybe known particularly in the case of large financial transactions e.g. alarge cash withdrawal from a bank. This object scanning history data canbe used to detect illegal product movements, for example, the illegalimport of a pharmaceutical. It can also be used to detect abnormal orsuspicious product movements which may be indicative of productcounterfeiting.

If an object is known to be stolen it can be immediately added to anobject ID hotlist on the central server. This hotlist is automaticallydistributed to (or becomes accessible to) all on-line scanners, and willbe downloaded to all off-line scanners on their next update. In this waythe stolen status is automatically and rapidly disseminated to a hugenumber of outlets. Similarly, if an object is in any other way suspectit can be added to the hotlist so that its status is flagged to theperson scanning the object.

An on-line scanner has instant access to the central server to allowchecking of each object ID at the time of scanning. The object scanninghistory is also updated at the central server at the time the object isscanned.

An off-line scanner stores object status data internally to allowvalidation of a scanned object. The object status data includes valid IDrange lists, an object ID hotlist, a public key list, and an objectscanning history. Each time an object is scanned the details arerecorded in the object scanning history. The object status data isdownloaded from the central server, and the object scanning history isuploaded to the central server, each time the scanner connects.

A mobile scanner's location can be provided to the application by thescanner, if it is GPS-equipped. Alternatively the scanner's location canbe provided by the network through which it communicates.

For example, if the hand-held scanner uses the mobile phone network, thescanner's location can be provided by the mobile phone network provider.There are a number of location technologies available. One is AssistedGlobal Positioning System (A-GPS). This requires a GPS-equipped handset,which receives positioning signals from GPS satellites. The phonenetwork knows the approximate location of the handset (in this case thehandset is also the scanner) from the nearest cell site. Based on this,the network tells the handset which GPS satellites to use in itsposition calculations. Another technology, which does not require thedevice to be GPS-equipped, is Uplink Time Difference of Arrival(U-TDOA). This determines the location of a wireless handset, using aform of triangulation, by comparing the time it takes a wirelesshandset's signal to reach several Location Measurement Units (LMUs)installed at the network's cell sites. The handset location is thencalculated based on the differences in arrival times of the three (ormore) signals.

Authentication

Each object ID has a signature. Limited space within the Hyperlabel tagstructure makes it impractical to include a full cryptographic signaturein a tag so signature fragments are distributed across multiple tags. Asmaller random signature, or secret, can be included in a tag.

To avoid any vulnerability due to the limited length of the object ID,the object ID is padded, ideally with a random number. The padding isstored in an authentication database indexed by object ID. Theauthentication database may be managed by the manufacturer, or it may bemanaged by a third-party trusted authenticator.

Each Hyperlabel tag contains a signature fragment and each fragment (ora subset of fragments) can be verified, in isolation, against the objectID. The security of the signature still derives from the full length ofthe signature rather than from the length of the fragment, since aforger cannot predict which fragment a user will randomly choose toverify.

Fragment verification requires fragment identification. Fragments may beexplicitly numbered, or may by identified by the two-dimensionalcoordinate of their tag, modulo the repetition of the signature acrosscontinuous tiling of tags.

Note that a trusted authenticator can always perform fragmentverification, so fragment verification is always possible when on-lineaccess to a trusted authenticator is available.

Establishing Authentication Database

Prior to allocating a new range of IDs, some setup tasks are required toestablish the authentication database.

For each range of IDs a public-private signature key pair is generatedand the key pair is stored in the authentication database, indexed by IDrange.

For each object ID in the range the following setup is required:

-   -   generate ID padding and store in authentication database,        indexed by object ID    -   retrieve private signature key by object ID    -   generate signature by encrypting object ID and padding, using        private key    -   store signature in authentication database indexed by object ID,        and/or store the padding, since the signature can be        re-generated using the ID, padding and private key    -   encode the signature across multiple tags in repeated fashion

This data is required for the Hyperlabel tags therefore theauthentication database must be established prior to, or at the time of,printing of the Hyperlabels.

Security issues are discussed in more detail above.

Off-Line Public-Key-Based Authentication

An off-line authentication device utilises public-key signatures. Theauthentication device holds a number of public keys. The device may,optionally, retrieve additional public keys on demand, via a transienton-line connection when it encounters an object ID for which it has nocorresponding public key signature.

For off-line authentication, the entire signature is needed. Theauthentication device is swiped over the Hyperlabel tagged surface and anumber of tags are read. From this, the object ID is acquired, as wellas a number of signature fragments and their positions. The signature isthen generated from these signature fragments. The public key is lookedup, from the scanning device using the object ID. The signature is thendecrypted using the public key, to give an object ID and padding. If theobject ID obtained from the signature matches the object ID in theHyperlabel tag then the object is considered authentic.

The off-line authentication method can also be used on-line, with thetrusted authenticator playing the role of authenticator.

On-Line Public-Key-Based Authentication

An on-line authentication device uses a trusted authenticator to verifythe authenticity of an object. For on-line authentication a single tagcan be all that is required to perform authentication. Theauthentication device scans the object and acquires one or more tags.From this, the object ID is acquired, as well as at least one signaturefragment and its position. The fragment number is generated from thefragment position. The appropriate trusted authenticator is looked up bythe object ID. The object ID, signature fragment, and fragment numberare sent to the trusted authenticator.

The trusted authenticator receives the data and retrieves the signaturefrom the authentication database by object ID. This signature iscompared with the supplied fragment, and the authentication result isreported to the user.

On-Line Secret-Based Authentication

Alternatively or additionally, if a random signature or secret isincluded in each tag (or tag group), then this can be verified withreference to a copy of the secret accessible to a trusted authenticator.Database setup then includes allocating a secret for each object, andstoring it in the authentication database, indexed by object ID.

The authentication device scans the object and acquires one or moretags. From this, the object ID is acquired, as well as the secret. Theappropriate trusted authenticator is looked up by the object ID. Theobject ID and secret are sent to the trusted authenticator.

The trusted authenticator receives the data and retrieves the secretfrom the authentication database by object ID. This secret is comparedwith the supplied secret, and the authentication result is reported tothe user.

Secret-based authentication can be used in conjunction with on-linefragment-based authentication is discussed in more detail above.

Product Scanning Interactions

Product Scanning at a retailer is illustrated in FIG. 44. When a storeoperator scans a Hyperlabel tagged product the tag data is sent to theservice terminal (A). The service terminal sends the transaction data tothe store server (B). The store server sends this data, along with theretailer details, to the manufacturer server (C). The Hyperlabel serverknows which manufacturer server to send the message to from the objectID. On receipt of the input, the manufacturer server authenticates theobject, if the manufacturer is the trusted authenticator. Alternativelythe manufacturer server passes the data on to the authentication serverto verify the object ID and signature (D). The authentication serversends the authentication result back to the manufacturer server (E). Themanufacturer server checks the status of the object ID (against itsvalid ID lists and hotlist), and sends the response to the store server(F), which in turn send the result back the store service terminal (G).The store server could also communicate with the relevant authenticationserver directly.

The interaction detail for on-line product scanning at a retailer isshown in FIG. 45. The store operator scans the Hyperlabel taggedproduct. The scanner sends the scanner ID and tag data to the serviceterminal. The service terminal sends this data along with the terminalID and scanner location to the store server. The store server then sendsthe request on to the manufacturer server, which performs authentication(either itself or via a third party authentication server) anddetermines the object status. The response is then sent back to thestore server, and on to the operator service terminal.

The interaction detail for off-line product scanning at a retailer isshown in FIG. 46. The store operator scans the Hyperlabel taggedproduct. The scanner sends the scanner ID and tag data from multipletags to the service terminal. The service terminal sends this data,along with the terminal ID and scanner location, to the store server.The store server then performs off-line authentication, as described inSection 3.4.2, and determines the object status through its cachedhotlist, valid object ID lists, and public key list. The store serverrecords the scan details in its internal object scanning history. Theresponse is then sent back to the operator service terminal.

An alternative for off-line product scanner occurs where the scanner isa hand-held, stand-alone scanner. In this case the cached authenticationdata is stored within the scanner itself, and the scanner performs thevalidation internally. The object scanning history is also cached withinthe scanner. Periodically the scanner connects to the central database,uploads it's object scanning history, and downloads the latest publickey list, object ID hotlist and valid ID range list. This connection maybe automatic (and invisible to the user), or may be initiated by theuser, for example, when the scanner is placed in a dockingstation/charger.

Product scanning with a netpage pen is illustrated in FIG. 47. When auser scans a Hyperlabel tagged item with their netpage pen, the input issent to the netpage System, from the user's netpage pen, in the usualway (A). To scan a product rather than interact with it, the pen can beplaced in a special mode. This is typically a one-shot mode, and can beinitiated by tapping on a <scan> button printed on a netpage.Alternatively, the pen can have a user-operable button, which, when helddown during a tap or swipe, tells the pen to treat the interaction as aproduct scan rather than a normal interaction. The tag data istransmitted from the pen to the user's netpage base station. The netpagebase station may be the user's mobile phone or PDA, or it may be someother netpage device, such as a PC. The input is relayed to theHyperlabel server (B) and then on to manufacturer server (C) in theusual way. On receipt of the input, the manufacturer serverauthenticates the object if the manufacturer is the trustedauthenticator. Alternatively the manufacturer server passes the data onto the authentication server to verify the object ID and signature (D).The authentication server sends the authentication result back to themanufacturer server (E). The manufacturer server checks the status ofthe object ID (against its valid ID lists and hotlist), and sends theresponse to the Hyperlabel server (G). The Hyperlabel server, as part ofthe netpage system, can know the identity and devices of the user. TheHyperlabel server will relay the manufacturer server's response to theuser's phone (G) or Web browsing device (H) as appropriate. If theuser's netpage pen has LEDs then the Hyperlabel server can send acommand to the user's pen to light the appropriate LED(s) (I,J).

The interaction detail for scanning with a netpage pen is shown in FIG.48. The netpage pen clicks on the Hyperlabel tagged product. The netpagepen sends the pen id, the product's tag data and the pen's location tothe Hyperlabel server. If the pen ID is not already associated with ascanner, the Hyperlabel server may create a new scanner record for thepen, or may use the pen ID as a scanner ID. The Hyperlabel server sendsthe scanner ID, tag data, and scanner location (if known) to themanufacturer server, which performs authentication (either itself or viaa third party authentication server) and determines the object status.The response is then sent back to the Hyperlabel server, and on to theuser's default Web browsing device.

Security Tagging and Tracking Object Model

The Security Tagging and Tracking object model revolves aroundHyperlabel tags, object IDs, and signatures. FIG. 60 illustrates themanagement and organisation of these objects.

As shown in FIG. 49, a Hyperlabel tag comprises a tag type, object ID,two-dimensional position and a signature fragment. The tag typeindicates whether this is a tag on a common object, or whether the tagis on a special type of object such as a currency note or apharmaceutical product. A signature fragment has an optional fragmentnumber which identifies the fragment's place within the full signature.

As described above, a product's unique item ID may be seen as a specialkind of unique object ID. The Electronic Product Code (EPC) is oneemerging standard for an item ID. An item ID typically consists of aproduct ID and a serial number. The product ID identifies a class ofproduct, while the serial number identifies a particular instance ofthat class, i.e. an individual product item. The product ID in turntypically consists of a manufacturer number and a product class number.The best-known product ID is the EAN.UCC Universal Product Code (UPC)and its variants. The Item ID class diagram is shown in FIG. 50.

Currency notes are identified by a note ID. The note ID comprises notedata and a serial number. The note data identifies the type of currency,the country of issue, the note denomination, the note side (front orback) and other currency-specific information. There are two note IDsfor each physical bank note—one for each side of the printed note. TheNote ID class diagram is shown in FIG. 51.

Pharmaceuticals are identified by a pharmaceutical ID. Typically thepharmaceutical ID will be an EPC. A pharmaceutical ID consists of aproduct ID and a serial number. The product ID in turn typicallyconsists of a manufacturer number and a product class number. The bestknown product ID for pharmaceutical products is the National Drug Code(NDC), allocated and administered by the US Food and DrugAdministration. The Pharmaceutical ID class diagram is shown in FIG. 52.

Object Description, ownership and aggregation class diagram is shown inFIG. 53. This is described in more detail above.

The Object Scanning History class diagram is shown in FIG. 54. An objecthas an object scanning history, recording each time the scanner scans anobject. Each object scanned event comprises the scanner ID, the date andtime of the scan, and the object status at the time of the scan, and thelocation of the scanner at the time the object was scanned. The objectstatus may be valid, stolen, counterfeit suspected, etc. If known, theobject owner details may also be recorded.

A scanner has a unique scanner ID, a network address, owner informationand a status (e.g. on-line, off-line). A scanner is either a mobilescanner, whose location may vary, or a fixed scanner, whose location isknown and constant. A scanner has a current location, comprising thelocation details and a timestamp. A scanner may be a netpage pen, inwhich case it will be associated with a netpage Pen record. If a scannerin off-line, it will keep an object scanning history, and willoptionally store a public key list, a valid ID range list and an objectID hotlist. The scanner class diagram is shown in FIG. 55.

The manufacturer, or other central authority, maintains a number ofObject ID Hot Lists, each with a unique list ID, and the time the listwas last updated. Each hot list comprises a list of suspect object IDs,comprising the object ID, date, time, status (suspected counterfeit,stolen, etc.) and other information. The Object ID Hot List classdiagram is shown in FIG. 56.

The manufacturer, or other central authority, maintains a list of validID ranges. Each valid object ID range entry in the list comprises thestart object ID and end object ID (the valid ID range) and the time theentry was updated. The Valid ID Range List class diagram is shown inFIG. 57.

The manufacturer, or other central authority, maintains a public keylist. The public key list consists of a number of entries identifyingthe public key for a range of Object IDs. Each valid object ID rangeentry comprises the update time for the entry, the start object ID forthe range, the end object ID for the range, and the public keyapplicable to each object ID in the given range. The Public Key Listclass diagram is shown in FIG. 58.

Object authentication may be performed by the manufacturer, or by athird-party trusted authenticator. A trusted authenticator has anauthenticator ID, name and details. A trusted authenticator holds a listof public-private key pairs, each associated with one or more ID ranges.This is a list of object ID ranges (identified by the start and end ID)and the corresponding public/private signature key pair. A trustedauthenticator also holds a list of secret signatures, and a list ofpublic-key signatures. Each public-key signature identifies the actualsignature and/or the padding used to generate the signature. Each secretsignature and public-key signature is associated by object ID with aunique object. The Trusted Authenticator class diagram is shown in FIG.59.

Applications

It will be appreciated that Hyperlabel tags can be used with a range ofobjects, including, for example, items of manufacture, pharmaceuticalitems, currency notes, cheques, credit or debit cards, redeemabletickets, vouchers, coupons, lottery tickets instant win tickets, oridentity cards or documents, such as a driver's licenses or passports.

The identity can include at least one of an Electronic Product Code(EPC), a National Drug Code (NDC) number, a serial number of apharmaceutical item, a currency note attribute such as a value or thelike, a cheque attribute or a card attribute such as card type, issuinginstitution, account number, issue date, expiry date or limit.

Advantages of Hyperlabel

Unlike 2D optical barcodes that are often difficult to read due to labeldamage and a direct ‘line-of-sight’ requirement needed for scanning,optically readable, but invisible, infrared Hyperlabel tags, are printedall over, or on a large section of a product label. Hyperlabel tagssupport line-of-sight omnidirectional reading. In practice, theHyperlabel reader is designed to scan the scanning field from at leasttwo substantially orthogonal directions. This helps the reader to avoidocclusions which may occur if a hand is holding an item. Hyperlabel tagsalso incorporate Reed-Solomon error correction methods to improvereliability.

A further advantage of Hyperlabels over barcodes is that they areunobtrusive to the customer as they do not use visible label space, andtag information is not restricted to only one section of a label.

Hyperlabel tags are therefore easy to locate, easy to read, and enableaccurate automatic scanning.

Hyperlabels are less promiscuous than RFID tags since they requireline-of-sight for reading. This means that it will be difficult forcustomers to have their product scanned for information without theirknowledge. Hyperlabels provide customers with the means to protect theirprivacy.

Hyperlabels as Interactive Web Pages

A distinctive and unique feature of Hyperlabel technology is thatHyperlabels provide the opportunity to design packaging labels asinteractive ‘Web pages’—and thus make it possible for a whole new rangeof product-linked customer services to be introduced by thepharmaceutical industry.

When digital pen use becomes widespread, product graphics can be addedto labels to indicate interactive areas and prompting customers to writeor click using a Netpage pen. A digital Netpage pen can identify the x-yposition on a label, and enable a link to be established between theinformation on the label, and a Web page on a server. The Netpage penconnects the customer to an Internet-based Hyperlabel Server through acompanion device such as a mobile phone or computer.

Using a Netpage pen to interact with the label, customers can be offeredadditional information on drug use, risks and advice on potentialinteractions between drugs. It could also provide an opportunity forcustomers to register for participation in new drug trials, to enterpromotions, to participate in Web chat sessions, or to receive ‘free’samples. Web pages can be customised based on customer profiles, localarea health data, or by using a range of product supply chain data suchas geographic location.

Hyperlabels therefore make it possible for the pharmaceutical industryto extend the use of product labels and packaging to increase brandstrength, and to establish closer links with customers. Thus, withHyperlabels, the customer can become an integral part of the productsupply chain, and supply chain data can be integrated with customerrelationship management (CRM) or healthcare databases to improve theoverall efficiency and level of service offered to customers.

1. A method of authenticating an object, the method including, in acomputer system: receiving indicating data from a sensing device, thesensing device generating the indicating data in response to sensing ofcoded data provided on or in a surface associated with the object, theindicating data being indicative of: an identity of the object; and, atleast part of a signature, the signature being a digital signature of atleast part of the identity; and, determining, using the indicating data,a received identity and a received signature part; determining, usingthe received identity, at least a determined signature part; comparingthe determined signature part to the received signature part; and,authenticating the object using the results of the comparison.
 2. Amethod according to claim 1, wherein the method includes, in thecomputer system: generating authentication data indicative of success orfailure of the authentication; and, transferring the authentication datato a user.
 3. A method according to claim 2, wherein the methodincludes, in the computer system, transferring the authentication datato the sensing device.
 4. A method according to claim 1, wherein theindicating data is further indicative of an identity of the signaturepart, and wherein the method includes, in the computer system:determining, using the indicating data, a received signature partidentity; determining, using the received identity, a determinedsignature; and, determining, using the determined signature and thereceived signature part identity, the determined signature part.
 5. Amethod according to claim 1, wherein the method includes, in thecomputer system, retrieving from a data store, using the receivedidentity, stored data indicative of the digital signature, the storeddata including at least one of: padding associated with the signature; aprivate key; a public key; one or more digital signature parts; and, thedigital signature.
 6. A method according to claim 5, wherein the storeddata is stored in a database and is indexed by at least one of: theidentity; and, a range of identities.
 7. A method according to claim 5,wherein the method includes, in the computer system, generating thedetermined signature part using the stored data and the receivedidentity.
 8. A method according to claim 5, wherein the method includes,in the computer system: generating, using the stored data and thereceived identity, a determined signature; selecting a part of thedetermined signature; and, comparing the selected signature part to thereceived signature part.
 9. A method according to claim 8, wherein themethod includes, in the computer system: determining, using theindicating data, a received signature part identity; selecting, usingthe received signature part identity, part of the determined signature.10. A method according to claim 1, wherein the signature is a digitalsignature of at least part of the identity and at least part ofpredetermined padding, and wherein the method includes, in the computersystem: determining, using the received identity, the predeterminedpadding; and, determining, using the predetermined padding and thereceived identity, the determined signature part.
 11. A method accordingto claim 1, wherein the computer system forms part of the sensingdevice.
 12. A device according to claim 1, wherein the coded dataincludes a number of coded data portions, and wherein each coded dataportion is at least partially indicative of at least one of: at leastpart of the identity; at least part of the signature; and, a position ofthe coded data portion on the surface.
 13. A device according to claim12, wherein each coded data portion encodes the entire signature.
 14. Adevice according to claim 12, wherein the entire signature is formedfrom a plurality of signature parts, and wherein each coded data portionencodes a respective signature part.
 15. A method according to claim 12,wherein the indicating data is further indicative of at least one of: alocation of the respective data portion; a position of the respectivedata portion on the surface; a size of the data portions; a size of thesignature; a size of the signature part; an identity of a signaturepart; units of indicated locations; redundant data; data allowing errorcorrection; Reed-Solomon data; and, Cyclic Redundancy Check (CRC) data.16. A method according to claim 1, wherein the digital signatureincludes at least one of: a random number associated with the identity;a keyed hash of at least the identity; a keyed hash of at least theidentity produced using a private key, and verifiable using acorresponding public key; cipher-text produced by encrypting at leastthe identity; cipher-text produced by encrypting at least the identityand a random number; and, cipher-text produced using a private key, andverifiable using a corresponding public key.
 17. A method according toclaim 1, wherein the identity includes at least one of: an identity ofat least one of: the object; the surface; and, a region of the surface;an Electronic Product Code (EPC); a National Drug Code (NDC) number; aserial number of a pharmaceutical item; a currency note attributeincluding at least one of: currency; issue country; denomination; noteside; printing works; and serial number; a check attribute including atleast one of: currency; issuing institution; account number; serialnumber; expiry date; check value; and limit; and a card attributeincluding at least one of: card type; issuing institution; accountnumber; issue date; expiry date; and limit.
 18. A method according toclaim 1, wherein the coded data is arranged in accordance with at leastone layout having n-fold rotational symmetry, where n is at least two,the layout including n identical sub-layouts rotated 1/n revolutionsapart about a centre of rotation, at least one sub-layout includingrotation-indicating data that distinguishes that sub-layout from eachother sub-layout.
 19. A method according to claim 1, wherein the codeddata is arranged in accordance with at least one layout having n-foldrotational symmetry, where n is at least two, the layout encodingorientation-indicating data comprising a sequence of an integer multiplem of n symbols, where m is one or more, each encoded symbol beingdistributed at n locations about a centre of rotational symmetry of thelayout such that decoding the symbols at each of the n orientations ofthe layout produces n representations of the orientation-indicatingdata, each representation comprising a different cyclic shift of theorientation-indicating data and being indicative of the degree ofrotation of the layout.
 20. A method of authenticating an object, themethod including, in a sensing device: sensing coded data provided on orin a surface associated with the object; determining, from the sensedcoded data, indicating data indicative of: an identity of the object;and, at least part of a signature, the signature being a digitalsignature of at least part of the identity; and, transferring theindicating data to a computer system, the computer system beingresponsive to the indicating data to: determine, using the indicatingdata, a received identity and a received signature part; determine,using the received identity, at least a determined signature part;compare the determined signature part to the received signature part;and, authenticate the object using the results of the comparison.